Lucene search
ElasticVULNRICHMENT:CVE-2024-23442HistoryJun 14, 2024 - 2:26 p.m.
CVE-2024-23442 Kibana open redirect issue
2024-06-1414:26:53
CWE-601
elastic
github.com
4
kibana
open redirect
cve-2024-23442
maliciously crafted url
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.9%
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Kibana",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "8.13.4",
"status": "affected",
"version": "8.11.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.17.21"
}
]
}
]Related
osv
osv
BIT-elk-2024-23442
2024-06-18 07:17:33
BIT-kibana-2024-23442
2024-06-18 07:22:49
cvelist
cvelist
CVE-2024-23442 Kibana open redirect issue
2024-06-14 14:26:53
cve
cve
CVE-2024-23442
2024-06-14 15:15:49
nvd
nvd
CVE-2024-23442
2024-06-14 15:15:49
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.9%
Related for VULNRICHMENT:CVE-2024-23442