Lucene search
K

4 matches found

OSV
OSV
added 2026/04/13 5:42 a.m.8 views

BIT-KIBANA-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

7.7CVSS5.8AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32433

Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

7.7CVSS5.8AI score0.003EPSS
Exploits0References3
CVE
CVE
added 2026/04/08 4:38 p.m.26 views

CVE-2026-4498

CVE-2026-4498 concerns Kibana, specifically the Fleet plugin, where execution with unnecessary privileges arises from Kibana’s Fleet debug route handlers. An authenticated Kibana user with Fleet sub-feature privileges (e.g., agents, agent policies, settings management) can read index data beyond ...

7.7CVSS5.9AI score0.003EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/12 8:27 p.m.34 views

@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)

Impact Unauthorized access or privilege escalation due to a logic flaw in auth in the App Router or getAuth in the Pages Router. Affected Versions All applications that that use @clerk/nextjs versions in the range of = 4.7.0, 4.29.3 in a Next.js backend to authenticate API Routes, App Router, or...

9.8CVSS7.3AI score0.00682EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder