Vulnerabilities > CVE-2024-37279 - Unspecified vulnerability in Elastic Kibana

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

elastic

NVD

Published: 2024-06-13

Updated: 2024-10-03

Summary

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.

Vulnerable Configurations

Part	Description	Count
Application	Elastic Elastic Kibana 8.7.0 Elastic Kibana 8.7.1 Elastic Kibana 8.8.0 Elastic Kibana 8.8.1 Elastic Kibana 8.8.2 Elastic Kibana 8.9.0 Elastic Kibana 8.9.1 Elastic Kibana 8.9.2 Elastic Kibana 8.10.0 Elastic Kibana 8.10.1 Elastic Kibana 8.10.2 Elastic Kibana 8.10.3 Elastic Kibana 8.10.4 Elastic Kibana 8.11.0 Elastic Kibana 8.11.1 Elastic Kibana 8.12.1 Elastic Kibana 8.12.2 Elastic Kibana 8.13.0 Elastic Kibana 8.13.1 Elastic Kibana 8.13.2 Elastic Kibana 8.13.3 Elastic Kibana 8.13.4	22

References

https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887