Vulnerabilities > Elastic > Kibana > 8.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-37287 | Unspecified vulnerability in Elastic Kibana A flaw allowing arbitrary code execution was discovered in Kibana. | 7.2 |
| 2024-06-19 | CVE-2024-23443 | Unspecified vulnerability in Elastic Kibana A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack. | 4.9 |
| 2024-06-14 | CVE-2024-23442 | Open Redirect vulnerability in Elastic Kibana An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |
| 2024-02-07 | CVE-2024-23446 | Unspecified vulnerability in Elastic Kibana An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. | 6.5 |
| 2023-12-13 | CVE-2023-46671 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. | 6.5 |
| 2023-12-13 | CVE-2023-46675 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. | 6.5 |
| 2023-05-04 | CVE-2023-31414 | Code Injection vulnerability in Elastic Kibana Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. | 8.8 |
| 2023-02-22 | CVE-2022-38779 | Open Redirect vulnerability in Elastic Kibana An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | 6.1 |
| 2023-02-08 | CVE-2022-38778 | Improper Input Validation vulnerability in multiple products A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. | 6.5 |