Lucene search

[email protected]NVD:CVE-2024-37279

HistoryJun 13, 2024 - 5:15 p.m.

CVE-2024-37279

2024-06-1317:15:50

[email protected]

web.nvd.nist.gov

kibana

view-only users

alerting

run_soon api

system availability

complex queries

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

9.0%

JSON

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.

References

discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-37279

cve1 osv2 vulnrichment1 redhatcve1 nessus1 cvelist1