Kibana version 8.12.0 Vulnerabilities

baskarsp · May 1, 2024, 5:31pm

Hello Team,
Currently we are using elastic Kibana version 8.12.0, and our internal security tool identified there are three critical Vulnerabilities as provided below in the screenshot with Kibana version 8.12.0. Could you please let me know more details about how these reported CVE packages are used in Kibana and what would be the actual impact of these Vulnerabilities in Kibana while using it.

Also let us know if you have any other details for those vulnerabilities how it can be addressed.

https://nvd.nist.gov/vuln/detail/CVE-2023-42282
https://nvd.nist.gov/vuln/detail/CVE-2023-36665

Marco_Liberati · May 2, 2024, 2:19pm

Hi @baskarsp

you can email with the description of the issue to security@elastic.co .
For more info about our security policy, please refer to: Security issues | Elastic

baskarsp · May 3, 2024, 5:43am

Thank you Marco. I sent a email to security@elastic.co and few days ago and i am still waiting for feedback.

Topic		Replies	Views
ELK Security Kibana	6	78	August 26, 2024
Node.js vulnerabilities Kibana	3	266	May 10, 2024
Are there updates for kibana 7.17? Elastic Search	3	76	October 8, 2024
When will the patch be available for CVE-2023-38552/39331/39332/44487 upgrading nodejs >= 18.18.2 Elastic Security	9	582	December 12, 2023
Impact of CVE-2023-32002,CVE-2023-32003,CVE-2023-32004,CVE-2023-32005,CVE-2023-32006,CVE-2023-32558,CVE-2023-32559 on Kibana v8.6.2 Kibana	1	143	June 7, 2024

Kibana version 8.12.0 Vulnerabilities

Related Topics