Kibana Improper Authorization (ESA-2024-21)
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.
Affected Versions:
Kibana versions before and including 8.12.0.
Solutions and Mitigations:
The issue is resolved in version 8.12.1.
For Users that Cannot Upgrade:
Self-hosted:
Users with a self-hosted deployment who cannot upgrade can disable the synthetics app OR put a block on synthetics indices.
- Disable the synthetics app by adding
xpack.uptime.enabled: false
to their kibana.yml file
- Put an index block on the synthetics-* indices to make them read-only (see the Elasticsearch documentation on index blocks)
Elastic Cloud:
Users on an Elastic Cloud deployment who cannot upgrade can put a block on synthetics indices
- Put an index block on the synthetics-* indices to make them read-only (see the Elasticsearch documentation on index blocks)
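The index-block mitigation is the same for self-hosted and Elastic Cloud deployments, so one worked example serves both. The script below is an added example, not Elastic's own tooling or anything from this advisory: it applies a write block to everything matching synthetics-* through the Elasticsearch index block API (PUT /<target>/_block/write), checks that the cluster acknowledged it on every index, and then reads the index settings back to list any index that is still writable. The base URL and credentials are placeholders, and the two sample response bodies are constructed to match the shape of the real API responses so the checks can be exercised without a cluster.

```python
"""Apply the synthetics-* write-block mitigation and verify it.

Added example, not Elastic's code. Assumes an Elasticsearch endpoint reachable
over HTTPS with basic-auth credentials (the base URL, user and password passed
to main() are placeholders).
"""
from __future__ import annotations

import base64
import json
import ssl
import urllib.request

TARGET = "synthetics-*"   # the indices / data streams the advisory names
BLOCK = "write"           # read-only for data operations; reads still allowed


def block_request(base_url: str, target: str = TARGET, block: str = BLOCK) -> tuple[str, str]:
    """(method, url) for adding the block: PUT <base>/<target>/_block/<block>."""
    return "PUT", f"{base_url.rstrip('/')}/{target}/_block/{block}"


def settings_request(base_url: str, target: str = TARGET) -> tuple[str, str]:
    """(method, url) for reading the settings of every index matching target."""
    return "GET", f"{base_url.rstrip('/')}/{target}/_settings"


def block_acknowledged(response: dict) -> bool:
    """True only if the cluster acknowledged the block on every listed index.

    Shape of the _block API response:
    {"acknowledged": true, "shards_acknowledged": true,
     "indices": [{"name": "...", "blocked": true}, ...]}
    """
    indices = response.get("indices", [])
    return (bool(response.get("acknowledged"))
            and bool(response.get("shards_acknowledged"))
            and bool(indices)
            and all(entry.get("blocked") is True for entry in indices))


def unblocked_indices(settings: dict, block: str = BLOCK) -> list[str]:
    """Names of indices in a GET _settings body that do NOT carry the block.

    Index settings come back as strings, so the block is in force only when
    settings.index.blocks.<block> == "true".
    """
    missing = []
    for name, body in settings.items():
        blocks = body.get("settings", {}).get("index", {}).get("blocks", {})
        if str(blocks.get(block, "false")).lower() != "true":
            missing.append(name)
    return sorted(missing)


def call(method: str, url: str, user: str, password: str) -> dict:
    """Send one basic-auth request and parse the JSON body (network only)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, method=method,
                                 headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as resp:
        return json.load(resp)


# Constructed sample bodies shaped like the real API responses (not captured
# from a cluster) so the check functions can run offline.
SAMPLE_BLOCK_RESPONSE = {
    "acknowledged": True,
    "shards_acknowledged": True,
    "indices": [
        {"name": ".ds-synthetics-http-default-2024.02.01-000001", "blocked": True},
        {"name": ".ds-synthetics-tcp-default-2024.02.01-000001", "blocked": True},
    ],
}

SAMPLE_SETTINGS = {
    ".ds-synthetics-http-default-2024.02.01-000001": {
        "settings": {"index": {"blocks": {"write": "true"}}}},
    ".ds-synthetics-tcp-default-2024.02.01-000001": {
        "settings": {"index": {"blocks": {"read_only": "false"}}}},  # still writable
    ".ds-synthetics-icmp-default-2024.02.05-000002": {
        "settings": {"index": {}}},                                  # new backing index, no block
}


def main(base_url: str, user: str, password: str) -> list[str]:
    """Apply the block, then return the indices still missing it (empty == mitigated)."""
    method, url = block_request(base_url)
    if not block_acknowledged(call(method, url, user, password)):
        raise RuntimeError("cluster did not acknowledge the write block on every index")
    method, url = settings_request(base_url)
    return unblocked_indices(call(method, url, user, password))


if __name__ == "__main__":
    print(main("https://localhost:9200", "elastic", "changeme"))  # placeholders
```

Two practical notes. The `write` block is used rather than `read_only` because `read_only` also freezes index metadata, which interferes with ILM managing the indices, while `write` only stops indexing, which is what the advisory calls for. Index blocks are per-index settings, so a backing index created by a later rollover will not inherit the block; re-run the settings check until the cluster is upgraded, and remove the block afterwards by setting `index.blocks.write` back to false on the same target. While the block is in place the Synthetics app cannot record new monitor results.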
Severity: High (7.6) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/CR:M/IR:M/AR:M
CVE ID: CVE-2024-43706