Kibana arbitrary code execution (ESA-2023-07)
Kibana contains an arbitrary code execution flaw. An attacker with write access to the Kibana YAML or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with the permissions of the Kibana process.
This issue does not affect Kibana instances running on Elastic Cloud as the payload required to trigger this vulnerability cannot be set in Kibana’s configuration.
This issue affects Kibana instances running on Elastic Cloud Enterprise (ECE) but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape is prevented by seccomp-bpf and AppArmor profiles.
This issue affects Kibana instances running on Elastic Cloud on Kubernetes (ECK) but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape can be prevented by seccomp-bpf when configured and supported (Kubernetes v1.19 and later).
Affected Versions:
Kibana versions 8.0.0 to 8.7.0
Solutions and Mitigations:
Users should upgrade to Kibana version 8.7.1.
CVSSv3: 8.2 (High) - AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE ID: CVE-2023-31414
Kibana arbitrary code execution (ESA-2023-08)
Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.
This issue affects Kibana instances running on Elastic Cloud but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape is prevented by seccomp-bpf and AppArmor profiles.
This issue affects Kibana instances running on Elastic Cloud Enterprise (ECE) but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape is prevented by seccomp-bpf and AppArmor profiles.
This issue affects Kibana instances running on Elastic Cloud on Kubernetes (ECK) but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape can be prevented by seccomp-bpf when configured and supported (Kubernetes v1.19 and later).
Affected Versions:
Kibana version 8.7.0. No other versions are affected.
Solutions and Mitigations:
Upgrade to Kibana version 8.7.1
CVSSv3: 9.9 (Critical) - AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE ID: CVE-2023-31415
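The following added example, which is not part of the advisories or of Elastic's tooling, checks a pod description from an ECK deployment against the affected version ranges of ESA-2023-07 and ESA-2023-08 and reports the effective seccomp profile of each Kibana container. The sample pod, the container names and the treatment of a missing profile as unconfined are assumptions.

```python
import re

# Affected ranges (inclusive) as stated in the two advisories above.
ADVISORIES = {"ESA-2023-07": ((8, 0, 0), (8, 7, 0)),
              "ESA-2023-08": ((8, 7, 0), (8, 7, 0))}

def parse_version(image):
    """Return (major, minor, patch) from an image tag, or None if absent."""
    m = re.search(r":(\d+)\.(\d+)\.(\d+)(?:[-+][\w.]+)?$", image)
    return tuple(int(x) for x in m.groups()) if m else None

def applicable_advisories(version):
    """List the advisories whose affected range contains this version."""
    return sorted(a for a, (lo, hi) in ADVISORIES.items() if lo <= version <= hi)

def seccomp_type(pod_spec, container):
    """Effective seccomp profile type; a container setting overrides the pod's."""
    for ctx in (container.get("securityContext"), pod_spec.get("securityContext")):
        profile = (ctx or {}).get("seccompProfile")
        if profile:
            return profile.get("type", "Unconfined")
    # Assumption: with no profile set, the kubelet does not apply one by default.
    return "Unconfined"

def audit_pod(pod):
    """Report version exposure and seccomp status for each Kibana container."""
    spec, findings = pod["spec"], []
    for c in spec.get("containers", []):
        image = c.get("image", "")
        version = parse_version(image)
        if "kibana" not in image or version is None:
            continue  # not Kibana, or pinned by digest / untagged
        findings.append({"container": c["name"], "version": ".".join(map(str, version)),
                         "advisories": applicable_advisories(version),
                         "seccomp": seccomp_type(spec, c)})
    return findings

# Constructed sample, shaped like `kubectl get pod <name> -o json` output.
SAMPLE_POD = {"spec": {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [
        {"name": "kibana", "image": "docker.elastic.co/kibana/kibana:8.7.0"},
        {"name": "kibana-debug", "image": "docker.elastic.co/kibana/kibana:8.7.1",
         "securityContext": {"seccompProfile": {"type": "Unconfined"}}},
    ],
}}

if __name__ == "__main__":
    print(*audit_pod(SAMPLE_POD), sep="\n")
```

A container that reports one or more advisories together with `Unconfined` is the case to prioritise: it runs an affected version without the seccomp containment the advisories rely on for ECK.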