CVE-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:57

Type Values Removed Values Added
References () https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update-esa-2024-11/361460 - Vendor Advisory () https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update-esa-2024-11/361460 - Vendor Advisory

19 Aug 2024, 19:33

Type Values Removed Values Added
First Time Elastic kibana
Elastic
CPE cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
References () https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update-esa-2024-11/361460 - () https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update-esa-2024-11/361460 - Vendor Advisory
CWE NVD-CWE-noinfo

20 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) Un usuario con altos privilegios, al que se le permite crear paquetes de osquery personalizados 17, podría afectar la disponibilidad de Kibana al cargar un paquete de osquery creado con fines malintencionados.

19 Jun 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-19 14:15

Updated : 2024-11-21 08:57


NVD link : CVE-2024-23443

Mitre link : CVE-2024-23443

CVE.ORG link : CVE-2024-23443


JSON object : View

Products Affected

elastic

  • kibana
CWE
CWE-400

Uncontrolled Resource Consumption

NVD-CWE-noinfo