Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.9 views

Kibana 9.3.x < 9.3.3 SSRF (ESA-2026-40)

The version of Kibana installed on the remote host is 9.3.x prior to 9.3.3. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-40 advisory. - Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the...

7.7CVSS5.5AI score0.00199EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 11:39 a.m.8 views

BIT-ELK-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

7.7CVSS5.8AI score0.00199EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 11:39 a.m.10 views

BIT-ELK-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS5.8AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.12 views

CVE-2026-49093

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

7.7CVSS5.8AI score0.00199EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/28 10:44 p.m.7 views

Server-side Request Forgery (SSRF)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the connector management. An attacker can access internal network resources by bypassing...

7.7CVSS5.3AI score0.00199EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 9:16 p.m.12 views

CVE-2026-49093

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

7.7CVSS0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 7:51 p.m.34 views

CVE-2026-49093

CVE-2026-49093 describes a Server-Side Request Forgery (SSRF) in Kibana that can be exploited by an authenticated user with connector management privileges to bypass the operator-configured allowlist and make Kibana issue outbound requests to blocked destinations. The issue affects Kibana 9.x ver...

7.7CVSS5.8AI score0.00199EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/28 7:51 p.m.9 views

EUVD-2026-33035

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 7:47 p.m.21 views

CVE-2026-42398

Kibana is affected by SSRF (CWE-918) where authenticated users with connector-management privileges can bypass the operator-configured allowlist by configuring a Webhook connector to target destinations. The issue allows outbound requests to blocked destinations as per egress controls. Affected v...

7.7CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/28 7:47 p.m.10 views

EUVD-2026-33032

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS5.8AI score0.003EPSS
Exploits0References1
Elastic
Elastic
added 2026/05/28 7:25 p.m.33 views

Kibana 9.2.8, and 9.3.2 Security Update (ESA-2026-37)

Server-Side Request Forgery SSRF in Kibana Leading to Unauthorized Network Access Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted...

7.7CVSS5.8AI score0.003EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44509

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Server-Side Request Forgery SSRF allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with...

7.7CVSS5.8AI score0.003EPSS
Exploits0References4
Rows per page
Query Builder