CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-11390

Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.8%

CVSS Severity

CVSS v3 Score 5.4

References

https://discuss.elastic.co/t/kibana-7-17-24-and-8-12-0-security-update-esa-2024-20/377712

Products affected by CVE-2024-11390

Elastic » Kibana » Version: 7.17.10

cpe:2.3:a:elastic:kibana:7.17.10
Elastic » Kibana » Version: 7.17.11

cpe:2.3:a:elastic:kibana:7.17.11
Elastic » Kibana » Version: 7.17.12

cpe:2.3:a:elastic:kibana:7.17.12
Elastic » Kibana » Version: 7.17.13

cpe:2.3:a:elastic:kibana:7.17.13
Elastic » Kibana » Version: 7.17.14

cpe:2.3:a:elastic:kibana:7.17.14
Elastic » Kibana » Version: 7.17.15

cpe:2.3:a:elastic:kibana:7.17.15
Elastic » Kibana » Version: 7.17.16

cpe:2.3:a:elastic:kibana:7.17.16
Elastic » Kibana » Version: 7.17.17

cpe:2.3:a:elastic:kibana:7.17.17
Elastic » Kibana » Version: 7.17.18

cpe:2.3:a:elastic:kibana:7.17.18
Elastic » Kibana » Version: 7.17.19

cpe:2.3:a:elastic:kibana:7.17.19
Elastic » Kibana » Version: 7.17.20

cpe:2.3:a:elastic:kibana:7.17.20
Elastic » Kibana » Version: 7.17.21

cpe:2.3:a:elastic:kibana:7.17.21
Elastic » Kibana » Version: 7.17.22

cpe:2.3:a:elastic:kibana:7.17.22
Elastic » Kibana » Version: 7.17.23

cpe:2.3:a:elastic:kibana:7.17.23
Elastic » Kibana » Version: 7.17.6

cpe:2.3:a:elastic:kibana:7.17.6
Elastic » Kibana » Version: 7.17.7

cpe:2.3:a:elastic:kibana:7.17.7
Elastic » Kibana » Version: 7.17.8

cpe:2.3:a:elastic:kibana:7.17.8
Elastic » Kibana » Version: 7.17.9

cpe:2.3:a:elastic:kibana:7.17.9
Elastic » Kibana » Version: 8.10.0

cpe:2.3:a:elastic:kibana:8.10.0
Elastic » Kibana » Version: 8.10.1

cpe:2.3:a:elastic:kibana:8.10.1
Elastic » Kibana » Version: 8.10.2

cpe:2.3:a:elastic:kibana:8.10.2
Elastic » Kibana » Version: 8.10.3

cpe:2.3:a:elastic:kibana:8.10.3
Elastic » Kibana » Version: 8.10.4

cpe:2.3:a:elastic:kibana:8.10.4
Elastic » Kibana » Version: 8.11.0

cpe:2.3:a:elastic:kibana:8.11.0
Elastic » Kibana » Version: 8.11.1

cpe:2.3:a:elastic:kibana:8.11.1
Elastic » Kibana » Version: 8.11.2

cpe:2.3:a:elastic:kibana:8.11.2
Elastic » Kibana » Version: 8.11.3

cpe:2.3:a:elastic:kibana:8.11.3
Elastic » Kibana » Version: 8.11.4

cpe:2.3:a:elastic:kibana:8.11.4
Elastic » Kibana » Version: 8.4.0

cpe:2.3:a:elastic:kibana:8.4.0
Elastic » Kibana » Version: 8.4.1

cpe:2.3:a:elastic:kibana:8.4.1
Elastic » Kibana » Version: 8.4.2

cpe:2.3:a:elastic:kibana:8.4.2
Elastic » Kibana » Version: 8.4.3

cpe:2.3:a:elastic:kibana:8.4.3
Elastic » Kibana » Version: 8.5.0

cpe:2.3:a:elastic:kibana:8.5.0
Elastic » Kibana » Version: 8.5.1

cpe:2.3:a:elastic:kibana:8.5.1
Elastic » Kibana » Version: 8.5.2

cpe:2.3:a:elastic:kibana:8.5.2
Elastic » Kibana » Version: 8.5.3

cpe:2.3:a:elastic:kibana:8.5.3
Elastic » Kibana » Version: 8.6.0

cpe:2.3:a:elastic:kibana:8.6.0
Elastic » Kibana » Version: 8.6.1

cpe:2.3:a:elastic:kibana:8.6.1
Elastic » Kibana » Version: 8.6.2

cpe:2.3:a:elastic:kibana:8.6.2
Elastic » Kibana » Version: 8.6.3

cpe:2.3:a:elastic:kibana:8.6.3
Elastic » Kibana » Version: 8.7.0

cpe:2.3:a:elastic:kibana:8.7.0
Elastic » Kibana » Version: 8.7.1

cpe:2.3:a:elastic:kibana:8.7.1
Elastic » Kibana » Version: 8.8.0

cpe:2.3:a:elastic:kibana:8.8.0
Elastic » Kibana » Version: 8.8.1

cpe:2.3:a:elastic:kibana:8.8.1
Elastic » Kibana » Version: 8.8.2

cpe:2.3:a:elastic:kibana:8.8.2
Elastic » Kibana » Version: 8.9.0

cpe:2.3:a:elastic:kibana:8.9.0
Elastic » Kibana » Version: 8.9.1

cpe:2.3:a:elastic:kibana:8.9.1
Elastic » Kibana » Version: 8.9.2

cpe:2.3:a:elastic:kibana:8.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-11390

Products

Pricing

Contact Us