Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32408

Incorrect Authorization CWE-863 in Kibana can lead to information disclosure via Privilege Abuse CAPEC-122. A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be...

7.7CVSS5.8AI score0.00282EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 6:34 p.m.5 views

EUVD-2026-20523

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS5.9AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-54667

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 2025/06/14 5:44 a.m.2 views

BIT-KIBANA-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

8.8CVSS7.4AI score0.00352EPSS
Exploits0References2
Elastic
Elastic
added 2022/02/28 9:24 p.m.10 views

Elastic Stack 7.17.1 Security Update

Elasticsearch privilege escalation issue ESA-2022-02 A flaw was discovered in elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “” index permissions access to this...

6.1CVSS5.2AI score0.00909EPSS
Exploits0
Rows per page
Query Builder