Lucene search
K

8 matches found

CVE
CVE
added 2026/01/13 9:5 p.m.19 views

CVE-2026-0531

CVE-2026-0531 affects Kibana Fleet. Vulnerability: Allocation of Resources Without Limits or Throttling (CWE-770) enabling Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. Root cause: repetitive database retrievals that rapidly consume memory, leading to server cra...

6.5CVSS6.3AI score0.00416EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/27 7:12 a.m.8 views

BIT-KIBANA-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS7.3AI score0.0041EPSS
Exploits0References2
OSV
OSV
added 2025/01/27 7:10 a.m.4 views

BIT-ELK-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS7.3AI score0.0041EPSS
Exploits0References2
NVD
NVD
added 2025/01/23 6:15 a.m.12 views

CVE-2024-43707

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS0.0041EPSS
Exploits0References1
CVE
CVE
added 2025/01/23 6:8 a.m.89 views

CVE-2024-43707

CVE-2024-43707 describes a Kibana issue where a user who lacks Fleet access can view Elastic Agent policies, potentially exposing sensitive information depending on enabled integrations and Elastic Agent versions. The impact is confidentiality-focused, with the CVSS and sector summaries indicatin...

7.7CVSS6.5AI score0.0041EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/23 6:8 a.m.16 views

CVE-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

7.7CVSS0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/23 12:0 a.m.5 views

Elastic Kibana 信息泄露漏洞

Elastic Kibana is an available data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that originates from a user who does not have access to Fleet viewing Elastic Agent policies that may contain sensitive information...

7.7CVSS6.4AI score0.0041EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.5 views

PT-2024-10387 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Elastic Kibana versions 8.0.0 through 8.15.0 Description: An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information...

7.7CVSS6.6AI score0.0041EPSS
Exploits0References22
Rows per page
Query Builder