CVE-2024-43706

HIGH7.6

JSON export Create alert

Description

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Affected products

Elastic / Kibana8.12.0 – 8.12.1

References

MISChttps://discuss.elastic.co/t/kibana-8-12-1-security-update-esa-2024-21/379064