CVE-2024-43708

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548	Patch Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:elastic:kibana::::::::
	cpe:2.3:a:elastic:kibana::::::::

History

30 Sep 2025, 20:56

Type	Values Removed	Values Added
References	~~() https://discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548 -~~	() https://discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548 - Patch, Issue Tracking, Vendor Advisory
Summary		(es) Una asignación de recursos sin límites ni limitaciones en Kibana puede provocar un bloqueo causado por un payload especialmente manipulado para una serie de entradas en la interfaz de usuario de Kibana. Esto lo pueden llevar a cabo los usuarios con acceso de lectura a cualquier función de Kibana.
CPE		cpe:2.3:a:elastic:kibana::::::::
First Time		Elastic kibana Elastic

23 Jan 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-23 11:15

Updated : 2025-09-30 20:56

NVD link : CVE-2024-43708

Mitre link : CVE-2024-43708

CVE.ORG link : CVE-2024-43708

JSON object : View

Products Affected

elastic

kibana

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

6.5 /10