Kibana 8.14.0 Security Update (ESA-2024-15)

Kibana Broken Access Control issue (ESA-2024-15)

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.

Affected Versions:
Kibana versions 8.6.3 through 8.13.4.

Solutions and Mitigations:
The issue is resolved in version 8.14.0.

Severity: CVSSv3: 4.3(Medium) - AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE ID: CVE-2024-37279

1 Like