CVE-2024-43710

Medium CVSS: 4.3

A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried out by users with read access to Fleet.

Vendor

Elastic

Product

Kibana

CWE

CWE-918

Yayın Tarihi

2025-01-23 06:15:27

Güncelleme

2025-09-30 20:58:49

Source Identifier

security@elastic.co

KEV Date Added

Kategoriler

CWE-918 Kibana MEDIUM Elastic 2025

Referanslar

https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521

Benzer Kayıtlar

Medium

CVE-2026-26939

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Resp…

Medium

CVE-2026-26940

Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead De…

Medium

CVE-2026-26937

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Dat…

High

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which cou…

Medium

CVE-2026-26934

Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-on…

Medium

CVE-2026-26935

Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Servi…