Vulnerabilities > Elastic > Kibana > 8.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-23446 | Unspecified vulnerability in Elastic Kibana An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. | 6.5 |
| 2023-12-13 | CVE-2023-46671 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. | 6.5 |
| 2023-12-13 | CVE-2023-46675 | Information Exposure Through Log Files vulnerability in Elastic Kibana An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. | 6.5 |
| 2023-05-04 | CVE-2023-31414 | Code Injection vulnerability in Elastic Kibana Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. | 8.8 |
| 2023-05-04 | CVE-2023-31415 | Code Injection vulnerability in Elastic Kibana 8.7.0 Kibana version 8.7.0 contains an arbitrary code execution flaw. | 8.8 |