
5 matches found

Snyk
added 2026/04/08 9:10 p.m., 1 view

Server-side Request Forgery (SSRF)

Overview: kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the One Workflow. An attacker can access sensitive internal endpoints and data by bypassing...

7.7 CVSS, 5.7 AI score, 0.00048 EPSS
Exploits: 0, References: 2
Snyk
added 2025/12/19 12:31 a.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the processing of malicious IPv4 fragments. An attacker can exhaust system memory and CPU resources by sending specially crafted network packets. Remediation: Upgrade...

6.9 CVSS, 6.9 AI score, 0.00129 EPSS
Exploits: 0, References: 2
Snyk
added 2025/12/18 10:45 p.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview: kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the handling of HTTP requests. An attacker can exhaust computing...

7.1 CVSS, 6.5 AI score, 0.00349 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/10/07 12:0 a.m., 3 views

PT-2025-40966

Name of the Vulnerable Software and Affected Versions: Kibana versions 5.3 through 8.7. Description: Several cross-site scripting (XSS) issues have been disclosed by Elastic in Kibana. These issues could potentially allow for malicious code execution within the application. A search on Netlas.io using...

8.2 CVSS, 6.1 AI score, 0.00025 EPSS
Exploits: 0, References: 15
Snyk
added 2025/05/01 1:44 p.m., 2 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging of partially failed bulk index requests. An attacker can disclose sensitive information contained in the document body by accessing error logs. Remediation: Upgrade...

6.9 CVSS, 6.6 AI score, 0.00097 EPSS
Exploits: 0, References: 2