14 matches found
BIT-KIBANA-2025-68422 Kibana Improper Authorization
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the "live queries - read" permission to successfully retrieve the list of li...
BIT-ELK-2025-68422 Kibana Improper Authorization
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the "live queries - read" permission to successfully retrieve the list of li...
CVE-2025-68422
A flaw was found in Kibana. An authenticated user can exploit this vulnerability by sending a specially crafted HTTP request, which bypasses intended permission restrictions. This improper authorization allows an attacker, who lacks the "live queries - read" permission, to successfully retrieve t...
EUVD-2025-204405
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the "live queries - read" permission to successfully retrieve the list of li...
Incorrect Authorization
Overview: kibana is an open source, Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization in the live queries. An attacker can access unauthorized data by sending a crafted HTTP request. Remediati...
CVE-2025-68422
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the "live queries - read" permission to successfully retrieve the list of li...
CVE-2025-68422
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the "live queries - read" permission to successfully retrieve the list of li...
CVE-2025-68422
CVE-2025-68422 describes an Improper Authorization (CWE-285) vulnerability in Kibana where an authenticated user lacking the "live queries - read" permission can bypass permission restrictions via a crafted HTTP request to retrieve the list of live queries. The issue could lead to information discl...
CVE-2025-68422 Kibana Improper Authorization
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the "live queries - read" permission to successfully retrieve the list of li...
CVE-2025-68422 Kibana Improper Authorization
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the "live queries - read" permission to successfully retrieve the list of li...
Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-39)
Kibana Improper Authorization (ESA-2025-39): Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the 'live queries - read'...
PT-2025-52372
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An improper authorization issue exists in Kibana that could allow an authenticated user to bypass intended permission restrictions. Specifically, an attacker lacking the necessary permissions...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the LIVE SELECT process. An attacker can access unauthorized records by subscribing to live queries on a table and observing data changes triggered by other users, thereby bypassing intended access controls...
3 Ways to Hunt for the ZeroLogon Vulnerability on Your Windows Servers
Vulnerability assessment and patch management can be painful, time-consuming processes. From the Security team looking at vulnerability reports and prioritizing the riskiest ones for their environment to the IT or Infrastructure team determining exactly which machines need to be patched and...