A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.
CVSS Score
9.1
EPSS Score
0.006
Published
2024-08-13
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
CVSS Score
4.9
EPSS Score
0.019
Published
2024-06-19
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-06-14
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-06-13