
5 matches found

OSV
added 2026/01/20 8:55 p.m., 5 views

GHSA-4R5R-CCR6-Q6F6 Fleet has an Access Control vulnerability in debug/pprof endpoints

Summary: A broken access control issue in Fleet allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations. Impact: Fleet’s debug/pprof endpoints...

CVSS 7.1, AI score 5.5, EPSS 0.00131
Exploits: 0, References: 5

OSV
added 2025/01/27 7:12 a.m., 7 views

BIT-KIBANA-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

CVSS 7.7, AI score 7.3, EPSS 0.00778
Exploits: 0, References: 2

OSV
added 2025/01/23 6:15 a.m., 1 views

CVE-2024-43707

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

CVSS 6.5, AI score 6.2
Exploits: 0, References: 1

CNNVD
added 2025/01/23 12:0 a.m., 1 views

Elastic Kibana information disclosure vulnerability

Elastic Kibana is an available data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that originates from a user who does not have access to Fleet viewing Elastic Agent policies that may contain sensitive information...

CVSS 7.7, AI score 6.4, EPSS 0.00778
Exploits: 0, References: 2

OSV
added 2021/12/15 7:15 a.m., 2 views

CVE-2021-41557

Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section or change existing work orders. The XSS payload is in the work order number...

CVSS 5.4, AI score 5.8, EPSS 0.00266
Exploits: 3, References: 2