CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

OSV•added 2025/12/20 11:39 a.m.•2 views

BIT-KIBANA-2025-68386 Kibana Improper Authorization

Improper Authorization CWE-285 in Kibana can lead to privilege escalation CAPEC-233 by allowing an authenticated user to change a document's sharing type to "global," even though they do not have permission to do so, making it visible to everyone in the space via a crafted a HTTP request...

4.3CVSS6.8AI score0.00026EPSS

Exploits0References2

OSV•added 2025/12/20 11:36 a.m.•3 views

BIT-ELK-2025-68386 Kibana Improper Authorization

4.3CVSS6.8AI score0.00026EPSS

Exploits0References2

RedhatCVE•added 2025/12/19 6:29 a.m.•2 views

CVE-2025-68386

A flaw was found in Kibana, where an authenticated user, through a crafted HTTP request, can exploit an Improper Authorization CWE-285 vulnerability. This allows the user to change a document's sharing type to "global" without proper permissions. The consequence is unauthorized information...

4.3CVSS6AI score0.00026EPSS

Exploits0References4

NVD•added 2025/12/18 11:15 p.m.•1 views

CVE-2025-68386

4.3CVSS0.00026EPSS

Exploits0References1

OSV•added 2025/12/18 11:15 p.m.•0 views

CVE-2025-68386

4.3CVSS6.8AI score

Exploits0References1

CVE•added 2025/12/18 10:21 p.m.•6 views

CVE-2025-68386

CVE-2025-68386 — Kibana : A vulnerability described as Improper Authorization (CWE-285) could allow an authenticated user to escalate privileges by changing a document’s sharing type to “global” via a crafted HTTP request, making it visible to everyone in the space. The issue arises from insuffic...

4.3CVSS6.5AI score0.00026EPSS

Exploits0References1Affected Software1