CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-31415

Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.9%

CVSS Severity

CVSS v3 Score 8.8

References

https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330
https://www.elastic.co/community/security/
https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330
https://www.elastic.co/community/security/

Products affected by CVE-2023-31415

Elastic » Kibana » Version: 8.7.0

cpe:2.3:a:elastic:kibana:8.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-31415

Products

Pricing

Contact Us