2 matches found
CVE-2024-37285
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...
CVE-2024-37285
CVE-2024-37285 describes a deserialization flaw in Kibana that can trigger arbitrary code execution when parsing a crafted YAML document. Exploitation requires an attacker to hold a combination of Elasticsearch indices privileges on .kibana_ingest (write) with allow_restricted_indices set to true...