Kibana Unrestricted Upload of File (ESA-2024-47)
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.
Affected Versions:
7.17.0 to 7.17.18 and 8.0.0 to 8.12.3
Solutions and Mitigations:
The issue is resolved in version 7.17.19 or higher, and 8.13.0 or higher.
Severity: CVSSv3.1: 4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE ID: CVE-2025-25016