CVE-2024-37279

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.
Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:23

Type Values Removed Values Added
References () https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887 - Vendor Advisory () https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887 - Vendor Advisory

03 Oct 2024, 17:33

Type Values Removed Values Added
References () https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887 - () https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887 - Vendor Advisory
CWE NVD-CWE-Other
Summary
  • (es) Se descubrió una falla en Kibana, que permite a los usuarios de alertas de solo visualización usar la API run_soon, lo que hace que la regla de alerta se ejecute continuamente, lo que podría afectar la disponibilidad del sistema si la regla de alerta ejecuta consultas complejas.
CPE cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
First Time Elastic kibana
Elastic

13 Jun 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-13 17:15

Updated : 2024-11-21 09:23


NVD link : CVE-2024-37279

Mitre link : CVE-2024-37279

CVE.ORG link : CVE-2024-37279


JSON object : View

Products Affected

elastic

  • kibana