Kibana Denial of Service issue (ESA-2024-16)
An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.
Affected Versions:
Kibana 8.x versions prior to 8.14.0 and Kibana 7.x versions prior to 7.17.23
Solutions and Mitigations:
The issue is resolved in versions 8.14.0 and 7.17.23.
Severity: CVSSv3: 6.5 (Medium) - AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/CR:M/IR:M/AR:M
CVE ID: CVE-2024-37281
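
To triage a fleet against the affected ranges above, the following sketch classifies version strings. It is an added example, not part of the Elastic advisory; the host names, the inventory and the "not-listed" label are constructed for illustration.

```python
import re

# First fixed release in each major line named by the advisory.
FIXED = {7: (7, 17, 23), 8: (8, 14, 0)}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '8.13.4' or 'v7.17.22'.

    Assumption: any build suffix after the patch number is ignored.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(version_text):
    """Classify one Kibana version as 'affected', 'fixed' or 'not-listed'."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The advisory only speaks about 7.x and 8.x; do not guess for others.
        return "not-listed"
    # Tuple comparison is numeric per component, so 8.9.2 sorts before 8.14.0
    # (a plain string comparison would get this wrong).
    return "affected" if version < fixed else "fixed"


# Constructed inventory: host name -> version reported by that Kibana instance.
INVENTORY = {
    "kibana-prod-1": "8.13.4",
    "kibana-prod-2": "8.14.0",
    "kibana-legacy": "7.17.22",
    "kibana-dr": "7.17.23",
    "kibana-old": "8.9.2",
    "kibana-archive": "6.8.23",
}


def affected_hosts(inventory):
    """Return the sorted host names whose version falls in an affected range."""
    return sorted(h for h, v in inventory.items() if triage(v) == "affected")


if __name__ == "__main__":
    for host, version in sorted(INVENTORY.items()):
        print(f"{host:16} {version:10} {triage(version)}")
```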