Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-37287

Опубликовано: 13 авг. 2024
Источник: debian

Описание

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
kibanaitppackage

Связанные уязвимости

nvd логотип

CVE-2024-37287

CVSS3: 9.1
nvd
больше 1 года назад

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.

github логотип

GHSA-7fgx-pmw9-49h5

CVSS3: 9.1
github
больше 1 года назад

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.

fstec логотип

BDU:2024-06005

CVSS3: 9.9
fstec
больше 1 года назад

Уязвимость функций коннектора ML и Alerting сервиса визуализации данных Kibana, позволяющая нарушителю выполнить произвольный код