Elastic Kibana

7 matches found

CVE
added 2018/12/20 10:29 p.m., 136 views

CVE-2018-17246

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with perm...

9.8 CVSS, 9.4 AI score, 0.93865 EPSS

CVE
added 2024/08/13 12:15 p.m., 101 views

CVE-2024-37287

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices, can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.

9.1 CVSS, 9.5 AI score, 0.00596 EPSS

CVE
added 2018/12/20 10:29 p.m., 90 views

CVE-2018-17245

Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources, plaintext credentials are included in the HTTP request that could be recovered by an external resource prov...

9.8 CVSS, 9.1 AI score, 0.00312 EPSS

CVE
added 2019/03/25 7:29 p.m., 87 views

CVE-2019-7610

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker e...

9.3 CVSS, 9.4 AI score, 0.04068 EPSS

CVE
added 2024/09/09 9:15 a.m., 83 views

CVE-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and ha...

9.9 CVSS, 7.7 AI score, 0.00831 EPSS

CVE
added 2023/05/04 9:15 p.m., 65 views

CVE-2023-31415

Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the...

9.9 CVSS, 9 AI score, 0.00548 EPSS

CVE
added 2023/10/26 2:15 a.m., 57 views

CVE-2023-31422

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 wh...

9 CVSS, 7.7 AI score, 0.00302 EPSS