CVE-2024-43707

High CVSS: 7.7

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.

Vendor

Elastic

Product

Kibana

CWE

CWE-200

Yayın Tarihi

2025-01-23 06:15:27

Güncelleme

2025-09-30 20:59:28

Source Identifier

security@elastic.co

KEV Date Added

Kategoriler

CWE-200 Kibana HIGH Elastic 2025

Referanslar

https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521

Benzer Kayıtlar

Medium

CVE-2026-26939

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Resp…

Medium

CVE-2026-26940

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead De…

Medium

CVE-2026-26937

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Dat…

High

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which cou…

Medium

CVE-2026-26934

Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-on…

Medium

CVE-2026-26935

Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Servi…