Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113517HistoryJan 11, 2023 - 12:00 a.m.
Kibana 8.0.0 Insufficient Authorization
2023-01-1100:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
kibana
authorization
security scanner
0.001 Low
EPSS
Percentile
22.7%
According to its self-reported version number, the Kibana application running on the remote host is 7.7.0 prior to 7.17.1 or 8.0.0. It is, therefore, affected by :
- A missing authorization issue in which users with read access to the Uptime feature could modify alerting rules (CVE-2022-23709)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data| Vendor | Product | Version | CPE |
|---|---|---|---|
| elasticsearch | kibana | * | cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:*:*:* |
Related
nessus
nessus
Kibana 7.7.0 < 7.17.1 Insufficient Authorization
2023-01-11 00:00:00
redhatcve
redhatcve
CVE-2022-23709
2022-03-21 16:34:34
nvd
nvd
CVE-2022-23709
2022-03-03 22:15:08
osv
osv
CVE-2022-23709
2022-03-03 22:15:08
cvelist
cvelist
CVE-2022-23709
2022-03-03 21:50:17
prion
prion
Design/Logic Flaw
2022-03-03 22:15:00
veracode
veracode
Privilege Escalation
2022-03-04 03:58:22
cve
cve
CVE-2022-23709
2022-03-03 22:15:08
openvas
openvas
Elastic Kibana Authorization Vulnerability (ESA-2022-03)
2022-03-04 00:00:00