Info about CVE-2024-37287

Hi all,
I noticed the following security update regarding CVE-2024-37287. I would like to understand whether it could also affect an on-prem installation of Kibana (v7.17.7) installed with rpm, so without Docker.

I'm a little bit confused by the following point:

This issue affects self-managed Kibana installations on host Operating Systems.

Thank you very much!

Lorenzo

If I'm not wrong, this means that it affects Kibana instances running on bare metal and VMs, no matter if you installed using deb, rpm or tar.gz.

So yes, this seems to affect your on-prem installation.

Thank you very much @leandrojmp for resolving my doubts!

Hi, does this vulnerability also affect Kibana 6.1.1?

@A_B1 If CVEs are a concern (which they should be), please do not use 6.1.1. It's toooooo old.
7.17.latest at the very least or 8.15.0!

Well, for some reasons, I have to use version 6.1.1 for now. Do you know whether this vulnerability is in this version as well or not?

No, I don't know.

Version 6.X is not supported anymore, Elastic only checks if there are any vulnerabilities in supported versions.
