A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887 | Vendor Advisory |
https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887 | Vendor Advisory |
Configurations
History
21 Nov 2024, 09:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887 - Vendor Advisory |
03 Oct 2024, 17:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887 - Vendor Advisory | |
CWE | NVD-CWE-Other | |
Summary |
|
|
CPE | cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* | |
First Time |
Elastic kibana
Elastic |
13 Jun 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-13 17:15
Updated : 2024-11-21 09:23
NVD link : CVE-2024-37279
Mitre link : CVE-2024-37279
CVE.ORG link : CVE-2024-37279
JSON object : View
Products Affected
elastic
- kibana
CWE