13 matches found
EUVD-2026-33035
Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...
EUVD-2021-9297
Malicious code in bioql PyPI...
EUVD-2025-10273
Malicious code in bioql PyPI...
CVE-2024-52974
An issue has been identified where a specially crafted request sent to an Observability API could cause the Kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them...
BIT-KIBANA-2024-52974
An issue has been identified where a specially crafted request sent to an Observability API could cause the Kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them...
BIT-ELK-2024-52974
An issue has been identified where a specially crafted request sent to an Observability API could cause the Kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them...
CVE-2024-52974
An issue has been identified where a specially crafted request sent to an Observability API could cause the Kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them...
CVE-2024-52974
An issue has been identified where a specially crafted request sent to an Observability API could cause the Kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them...
CVE-2021-22150
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...
CVE-2021-22150
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...
Code injection
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...
CVE-2021-22150
CVE-2021-22150 affects Elastic Kibana. A Fleet admin could upload a malicious package, which is loaded insecurely due to an older js-yaml library, enabling command execution on the Kibana server. The vulnerability stems from the insecure handling of uploaded packages and the outdated dependency. ...
Elastic Stack 6.8.2 and 7.2.1 security update
Elasticsearch race condition flaw (ESA-2019-07): A race condition flaw was found in the response headers Elasticsearch returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from...