Kibana 8.12.1 Security Update (ESA-2024-21)

Kibana Improper Authorization (ESA-2024-21)

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.

Affected Versions:

Kibana versions before and including 8.12.0.

Solutions and Mitigations:

The issue is resolved in version 8.12.1.

For Users that Cannot Upgrade:

Self-hosted:
Users with a self-hosted deployment who cannot upgrade can disable the synthetics app OR put a block on synthetics indices.

  1. Disable the Synthetics app by adding xpack.uptime.enabled: false to the kibana.yml file
  2. Put an index block on the synthetics-* indices to make them read-only see

Elastic Cloud:
Users on an Elastic Cloud deployment who cannot upgrade can put a block on synthetics indices.

  1. Put an index block on the synthetics-* indices to make them read-only see
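The following script is an added example, not part of the Elastic advisory, showing how an operator can check and apply the two mitigations above: confirming the xpack.uptime.enabled: false line is present in kibana.yml, building and (optionally) sending the Elasticsearch add-index-block request for the synthetics-* indices, and verifying from a _settings response that the block is in place. The ES_URL and ES_USER variables, the sample kibana.yml and the sample _settings JSON are constructed placeholders; the choice of the "write" block (which makes the indices read-only for indexing while still allowing metadata changes) is an assumption, and "read_only" can be passed instead.

```shell
#!/usr/bin/env bash
# Added example (not from the Elastic advisory) for the ESA-2024-21 mitigations.
# ES_URL, ES_USER, the sample files and the JSON below are constructed placeholders.
set -eu

# Mitigation 1 (self-hosted): confirm the Synthetics app is disabled in kibana.yml.
# Returns 0 when an uncommented "xpack.uptime.enabled: false" line is present.
uptime_disabled_in_yml() {
  grep -Eq '^[[:space:]]*xpack\.uptime\.enabled:[[:space:]]*false[[:space:]]*$' "$1"
}

# Mitigation 2 (self-hosted or Elastic Cloud): build the path of the
# Elasticsearch add index block API, PUT /<target>/_block/<block>.
# $1 is the index target (e.g. 'synthetics-*'), $2 the block name (default: write).
index_block_path() {
  printf '/%s/_block/%s' "$1" "${2:-write}"
}

# Send the block request. Not run by default; ES_URL and ES_USER are assumed
# to hold the cluster URL and "user:password" for basic auth.
apply_index_block() {
  curl -sS -u "${ES_USER:?set ES_USER to user:password}" \
    -X PUT "${ES_URL:?set ES_URL to the Elasticsearch base URL}$(index_block_path "$1" "${2:-write}")"
}

# Verify from a GET /<target>/_settings response body ($1) that block $2 is set.
# _settings returns the block under settings.index.blocks, e.g. "blocks":{"write":"true"}.
settings_show_block() {
  printf '%s' "$1" |
    grep -Eq "\"blocks\"[[:space:]]*:[[:space:]]*[{][^}]*\"$2\"[[:space:]]*:[[:space:]]*\"true\""
}

# --- demonstration on constructed input ---------------------------------------
tmp_yml=$(mktemp)
cat >"$tmp_yml" <<'EOF'
# constructed sample kibana.yml
server.port: 5601
xpack.uptime.enabled: false
EOF
if uptime_disabled_in_yml "$tmp_yml"; then
  echo "kibana.yml: Synthetics app is disabled"
else
  echo "kibana.yml: Synthetics app is still enabled"
fi
rm -f "$tmp_yml"

echo "block request: PUT $(index_block_path 'synthetics-*')"

# Constructed _settings response as the cluster would return it after the block.
sample_settings='{"synthetics-http-default":{"settings":{"index":{"blocks":{"write":"true"},"number_of_shards":"1"}}}}'
if settings_show_block "$sample_settings" write; then
  echo "settings: write block present on synthetics index"
fi

# Only send the real request when explicitly asked for.
if [ "${APPLY_BLOCK:-0}" = 1 ]; then
  apply_index_block 'synthetics-*' write
fi
```

Run the script as-is to exercise the checks on the constructed samples; set ES_URL, ES_USER and APPLY_BLOCK=1 to actually apply the block, then fetch GET /synthetics-*/_settings and pass the body to settings_show_block to confirm it took effect.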

Severity: High (7.6) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/CR:M/IR:M/AR:M
CVE ID: CVE-2024-43706