Lucene search
K
ElasticRecent

248 matches found

Elastic
Elastic
added 2026/07/01 2:5 p.m.6 views

Kibana 7.17.15, 8.11.1 Security Update (ESA-2026-53)

Improper Output Neutralization for Logs in Kibana Leading to Log Injection Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper...

8CVSS5.7AI score0.00201EPSS
Exploits0
Elastic
Elastic
added 2026/07/01 2:4 p.m.5 views

Elasticsearch 7.17.24, 8.15.0 Security Update (ESA-2026-52)

Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained hi...

6.5CVSS5.7AI score0.00251EPSS
Exploits0
Elastic
Elastic
added 2026/07/01 2:3 p.m.9 views

Kibana 8.16.3, 8.17.2 Security Update (ESA-2026-51)

Authorization Bypass Through User-Controlled Key in Kibana Leading to Unauthorized Data Modification Authorization Bypass Through User-Controlled Key CWE-639 in Kibana can lead to unauthorized data modification via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain...

4.2CVSS5.7AI score
Exploits0
Elastic
Elastic
added 2026/07/01 2:2 p.m.6 views

Kibana 8.18.9, 8.19.6, 9.0.8, 9.1.6 Security Update (ESA-2026-50)

Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive reques...

4.4CVSS5.7AI score0.00211EPSS
Exploits0
Elastic
Elastic
added 2026/07/01 1:59 p.m.7 views

Kibana 8.19.15, 9.3.4 Security Update (ESA-2026-49)

Allocation of Resources Without Limits or Throttling in Kibana Leading to Denial of Service Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion...

6.5CVSS5.7AI score0.00251EPSS
Exploits0
Elastic
Elastic
added 2026/07/01 1:57 p.m.5 views

Elastic Defend 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-46)

Incorrect Authorization in Elastic Defend Leading to Information Disclosure Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged...

5.3CVSS5.7AI score0.00181EPSS
Exploits0
Elastic
Elastic
added 2026/07/01 1:56 p.m.4 views

Kibana 8.19.17, 9.3.6, 9.4.3 Security Update (ESA-2026-45)

Improper Input Validation in Kibana Leading to Denial of Service Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can...

6.5CVSS5.7AI score0.00251EPSS
Exploits0
Elastic
Elastic
added 2026/07/01 1:53 p.m.5 views

Fleet Server 8.19.11, 9.2.5, 9.3.0 Security Update (ESA-2026-44)

Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to ...

6.5CVSS5.7AI score0.00312EPSS
Exploits0
Elastic
Elastic
added 2026/07/01 1:51 p.m.5 views

Elasticsearch 8.19.17, 9.3.6, 9.4.3 Security Update (ESA-2026-43)

Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a special...

4.9CVSS5.7AI score0.00324EPSS
Exploits0
Elastic
Elastic
added 2026/07/01 1:50 p.m.11 views

Elasticsearch 8.19.17, 9.3.6, 9.4.3 Security Update (ESA-2026-42)

Uncontrolled Recursion in Elasticsearch Leading to Denial of Service Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the...

6.5CVSS5.7AI score0.00309EPSS
Exploits0
Elastic
Elastic
added 2026/07/01 1:48 p.m.5 views

Fleet Server 8.19.15, 9.3.4, 9.4.0 Security Update (ESA-2026-41)

Dependency on Vulnerable Third-Party Component in Fleet Server Leading to Denial of Service Dependency on Vulnerable Third-Party Component CWE-1395 exists in the Go standard library used by Fleet Server that could allow a remote attacker to cause denial of service by sending a specially crafted...

7.5CVSS7.1AI score0.00621EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:26 p.m.17 views

Kibana 9.3.3 Security Update (ESA-2026-40)

Server-Side Request Forgery SSRF in Kibana Leading to Unauthorized Network Access Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound...

7.7CVSS5.8AI score0.00199EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:26 p.m.19 views

Kibana 8.19.16 Security Update (ESA-2026-39)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to...

6.5CVSS5.7AI score0.0027EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:26 p.m.18 views

Kibana Fleet 8.19.16, 9.3.5, and 9.4.2 Security Update (ESA-2026-38)

Improper Input Validation in Kibana Fleet Leading to Privilege Escalation Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by...

6.5CVSS5.7AI score0.00262EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:25 p.m.34 views

Kibana 9.2.8, and 9.3.2 Security Update (ESA-2026-37)

Server-Side Request Forgery SSRF in Kibana Leading to Unauthorized Network Access Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted...

7.7CVSS5.8AI score0.003EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:25 p.m.95 views

Kibana 8.19.16, and 9.3.5 Security Update (ESA-2026-36)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memor...

6.5CVSS5.8AI score0.00296EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:25 p.m.49 views

Kibana 8.19.16, 9.3.5, 9.4.2 Security Update (ESA-2026-35)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to...

6.5CVSS5.7AI score0.00296EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:25 p.m.12 views

Kibana 8.19.16, 9.3.5 Security Update (ESA-2026-34)

Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup...

4.1CVSS5.7AI score0.00141EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:24 p.m.11 views

8.19.16, 9.3.5 Security Update (ESA-2026-33)

Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:24 p.m.15 views

Kibana 8.19.16, 9.3.5, 9.4.1 Security Update (ESA-2026-32)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to...

6.5CVSS5.7AI score0.00245EPSS
Exploits0
Elastic
Elastic
added 2026/05/28 7:24 p.m.79 views

Kibana 8.19.16 and 9.3.5 Security Update (ESA-2026-30)

Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrat...

4.6CVSS5.7AI score0.00223EPSS
Exploits0
Elastic
Elastic
added 2026/04/28 9:11 p.m.9 views

Elastic Package Registry 1.38.0 Security Update (ESA-2026-27)

Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the...

5.9CVSS5.3AI score0.00124EPSS
Exploits0
Elastic
Elastic
added 2026/04/08 4:32 p.m.14 views

Logstash 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-29)

Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The...

9.8CVSS6.6AI score0.00545EPSS
Exploits0
Elastic
Elastic
added 2026/04/08 4:29 p.m.12 views

Kibana 9.3.3 Security Update (ESA-2026-28)

Server-Side Request Forgery SSRF in Kibana One Workflow Leading to Information Disclosure Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in...

6.3CVSS6AI score0.00226EPSS
Exploits0
Elastic
Elastic
added 2026/04/08 4:25 p.m.33 views

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-26)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests wi...

6.5CVSS5.8AI score0.0024EPSS
Exploits0
Elastic
Elastic
added 2026/04/08 4:22 p.m.17 views

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-25)

Incorrect Authorization in Kibana Fleet Leading to Information Disclosure Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy...

4.3CVSS5.7AI score0.00175EPSS
Exploits0
Elastic
Elastic
added 2026/04/08 4:18 p.m.14 views

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-24)

Incorrect Authorization in Kibana Fleet Leading to Information Disclosure Incorrect Authorization CWE-863 in Kibana can lead to information disclosure via Privilege Abuse CAPEC-122. A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data,...

7.7CVSS5.7AI score0.00282EPSS
Exploits0
Elastic
Elastic
added 2026/04/08 4:1 p.m.57 views

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-21)

Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via...

7.7CVSS5.8AI score0.003EPSS
Exploits0
Elastic
Elastic
added 2026/03/30 2:17 p.m.11 views

Elastic OTel Java 1.10.0 Security Update (ESA-2026-22 / GHSA-xw7x-h9fj-p2c7)

Dependency on Vulnerable Third-Party Component in Elastic OTel Java Leading to Remote Code Execution Dependency on Vulnerable Third-Party Component CWE-1395 exists in Elastic OTel Java via a dependency on OpenTelemetry Java instrumentation library. This vulnerability could allow an attacker to...

9.8CVSS6.5AI score0.00933EPSS
Exploits1
Elastic
Elastic
added 2026/03/19 4:59 p.m.9 views

Kibana 8.19.13, 9.2.7, 9.3.2 Security Update (ESA-2026-20)

Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an...

6.5CVSS5.7AI score0.0027EPSS
Exploits0
Elastic
Elastic
added 2026/03/19 4:59 p.m.11 views

Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)

Deserialization of Untrusted Data in Elasticsearch Leading to Remote Code Execution Dependency on Vulnerable Third-Party Component CWE-1395 exists in PyTorch used by the machine learning model loading component in Elasticsearch that can allow an attacker to achieve remote code execution via Objec...

9.8CVSS8AI score0.01917EPSS
Exploits1
Elastic
Elastic
added 2026/03/19 4:56 p.m.7 views

Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-11)

Improper Validation of Array Index in Packetbeat Leading to Denial of Service Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted,...

5.7CVSS5.7AI score0.00239EPSS
Exploits0
Elastic
Elastic
added 2026/03/19 4:54 p.m.7 views

Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130. Affected Versions: 8.x: All versions...

5.7CVSS5.8AI score0.00179EPSS
Exploits0
Elastic
Elastic
added 2026/03/19 4:53 p.m.9 views

Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)

Sensitive Information in Resource Not Removed Before Reuse in Logstash Leading to Access to Sensitive Information Dependency on Vulnerable Third-Party Component CWE-1395 exists in org.lz4:lz4-java decompression library used by logstash-integration-kafka plugin in Logstash that could allow an...

8.2CVSS5.9AI score0.00562EPSS
Exploits0
Elastic
Elastic
added 2026/03/19 4:51 p.m.8 views

Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)

Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspensio...

6.5CVSS5.8AI score0.00175EPSS
Exploits0
Elastic
Elastic
added 2026/02/26 4:55 p.m.16 views

Kibana 9.3.1 Security Update (ESA-2026-17)

Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery SSRF Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files...

8.6CVSS5.8AI score0.00254EPSS
Exploits0
Elastic
Elastic
added 2026/02/26 4:55 p.m.20 views

Synthetics Recorder 1.4.15 Security Update (ESA-2026-16) - CVE-2025-6554 and CVE-2025-7657

Dependency on Vulnerable Third-Party Component in Synthetics Recorder Leading to Remote Code Execution Dependency on Vulnerable Third-Party Component CWE-1395 exists in the bundled Chromium browser in Elastic Synthetics Recorder that could allow an attacker to achieve remote code execution on a...

8.8CVSS6.5AI score0.06564EPSS
Exploits5
Elastic
Elastic
added 2026/02/26 4:54 p.m.15 views

Kibana 8.19.11, 9.2.5 Security Update (ESA-2026-15)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153 Affected Versions: 8.x: All versions from 8.0.0 up to and including 8.19.10 9.x:...

6.5CVSS5.5AI score0.00272EPSS
Exploits0
Elastic
Elastic
added 2026/02/26 4:53 p.m.14 views

Kibana 8.19.11, 9.2.5 Security Update (ESA-2026-14)

Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492. Affected Versions: 8.x: All versio...

4.9CVSS5.3AI score0.00325EPSS
Exploits0
Elastic
Elastic
added 2026/02/26 4:53 p.m.13 views

Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-13)

Improper Input Validation in Kibana Leading to Denial of Service Improper Input Validation CWE-20 in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153 Affected Versions: 8.x: All versions from 8.4.0 up to and including 8.19....

6.5CVSS5.4AI score0.00278EPSS
Exploits0
Elastic
Elastic
added 2026/02/26 4:52 p.m.16 views

Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-12)

Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An...

6.5CVSS5.6AI score0.00275EPSS
Exploits0
Elastic
Elastic
added 2026/02/26 4:51 p.m.10 views

Packetbeat 8.19.11, 9.2.5 Security Update (ESA-2026-10)

Improper Validation of Array Index in Packetbeat Leading to Denial of Service Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go...

5.7CVSS5.5AI score0.00454EPSS
Exploits0
Elastic
Elastic
added 2026/01/13 8:55 p.m.20 views

Elasticsearch 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-07)

Elasticsearch yawkat LZ4 Java - CVE-2025-66566 ESA-2026-07 An Information Disclosure vulnerability CVE-2025-66566 exists in the yawkat LZ4 Java library used by Elasticsearch that allows an attacker to read previous buffer contents through specially crafted compressed input sent via the transport...

8.2CVSS6.9AI score0.00562EPSS
Exploits0
Elastic
Elastic
added 2026/01/13 8:54 p.m.13 views

Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-05)

External Control of File Name or Path and Server-Side Request Forgery SSRF in Kibana Google Gemini Connector ESA-2026-05 External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially...

8.6CVSS5.7AI score0.00417EPSS
Exploits1
Elastic
Elastic
added 2026/01/13 8:47 p.m.11 views

Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-08)

Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation ESA-2026-08 Improper Input Validation CWE-20 in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation CAPEC-130 through a specially crafted email address parameter. This requires an...

6.5CVSS6.9AI score0.0037EPSS
Exploits0
Elastic
Elastic
added 2026/01/13 8:47 p.m.13 views

Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-04)

Allocation of Resources Without Limits or Throttling in Kibana Fleet ESA-2026-04 Allocation of Resources Without Limits or Throttling CWE-770 in Kibana Fleet can lead to Excessive Allocation CAPEC-130 via a specially crafted bulk retrieval request. This requires an attacker to have low-level...

6.5CVSS6.8AI score0.00416EPSS
Exploits0
Elastic
Elastic
added 2026/01/13 8:45 p.m.10 views

Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-03)

Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation ESA-2026-03 Allocation of Resources Without Limits or Throttling CWE-770 in Kibana Fleet can lead to Excessive Allocation CAPEC-130 via a specially crafted request. This causes the application to perfor...

6.5CVSS6.9AI score0.00273EPSS
Exploits0
Elastic
Elastic
added 2026/01/13 8:43 p.m.10 views

Packetbeat 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-02)

Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers ESA-2026-02 Improper Validation of Array Index CWE-129 in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers CAPEC-100 through specially crafted network traffic. This requires an attacke...

6.5CVSS6.9AI score0.00197EPSS
Exploits0
Elastic
Elastic
added 2026/01/13 8:42 p.m.25 views

Metricbeat 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-01)

Improper Input Validation in Metricbeat Leading to Denial of Service ESA-2026-01 Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service via Input Data Manipulation CAPEC-153 using specially crafted, malformed payloads sent to the Graphit...

7.5CVSS5.3AI score0.00327EPSS
Exploits0
Elastic
Elastic
added 2025/12/18 9:28 p.m.11 views

Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-39)

Kibana Improper Authorization ESA-2025-39 Improper Authorization CWE-285 in Kibana can lead to privilege escalation CAPEC-233 by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the 'live queries - read'...

4.3CVSS6.9AI score0.00197EPSS
Exploits0
Total number of security vulnerabilities248