Kibana 8.14.0/7.17.22 Security Update (ESA-2024-10)

rodrigo_silva · June 14, 2024, 2:09pm

Kibana open redirect issue (ESA-2024-10).

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

Affected Versions:
Kibana Versions before 7.17.22 and before 8.14.0.

Solutions and Mitigations:
The issue is resolved in versions 7.17.22 and 8.14.0.

Severity: CVSSv3: 6.1(Medium) - AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE ID: CVE-2024-23442

Topic		Replies	Views
Kibana 7.17.9 and 8.6.2 Security Update Security Announcements	0	11938	February 16, 2023
Elastic Stack 7.13.0 and 6.8.16 Security Update Security Announcements	1	10220	November 4, 2022
Kibana 7.17.23/8.14.0 Security Update (ESA-2024-16) Security Announcements	0	1331	July 30, 2024
Kibana 6.0.1 and 5.6.5 security update Security Announcements	1	14820	November 4, 2022
Elastic Stack 6.1.3 and 5.6.7 security update Security Announcements	1	13754	November 4, 2022

Kibana 8.14.0/7.17.22 Security Update (ESA-2024-10)

Related topics