Kibana Broken Access Control issue (ESA-2024-15)
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.
Affected Versions:
Kibana versions 8.6.3 through 8.13.4.
Solutions and Mitigations:
The issue is resolved in version 8.14.0.
Severity: CVSSv3: 4.3(Medium) - AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE ID: CVE-2024-37279