Kibana allocation of resources without limits or throttling leads to crash (ESA-2024-33)
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana.
Affected Versions:
Kibana versions up to 7.17.23 and 8.15.0
Solutions and Mitigations:
The issue is resolved in versions 7.17.23 and 8.15.0
Severity: CVSSv3.1: 6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2024-52972
Kibana allocation of resources without limits or throttling leads to crash (ESA-2024-32)
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.
Affected Versions:
Kibana versions up to 7.17.23 and 8.15.0
Solutions and Mitigations:
The issue is resolved in versions 7.17.23 and 8.15.0
Severity: CVSSv3.1: 6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2024-43708