Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2023-07417

Опубликовано: 18 сент. 2023
Источник: fstec
CVSS3: 9
CVSS2: 7.7
EPSS Низкий

Описание

Уязвимость сервиса визуализации данных Kibana связана с недостаточной защитой регистрационных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к учетным данным

Вендор

Elastic NV

Наименование ПО

Kibana

Версия ПО

8.10.0 (Kibana)

Тип ПО

Прикладное ПО информационных систем

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 7,7)
Критический уровень опасности (базовая оценка CVSS 3.0 составляет 9)

Возможные меры по устранению уязвимости

Обновление сервиса визуализации данных Kibana до версии 8.10.1 и выше

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 49%
0.00257
Низкий

9 Critical

CVSS3

7.7 High

CVSS2

Связанные уязвимости

redhat логотип

CVE-2023-31422

CVSS3: 7.5
redhat
больше 2 лет назад

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.

nvd логотип

CVE-2023-31422

CVSS3: 9
nvd
больше 2 лет назад

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.

debian логотип

CVE-2023-31422

CVSS3: 9
debian
больше 2 лет назад

An issue was discovered by Elastic whereby sensitive information is re ...

github логотип

GHSA-7rvg-gjgp-95j7

CVSS3: 9
github
больше 2 лет назад

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.

EPSS

Процентиль: 49%
0.00257
Низкий

9 Critical

CVSS3

7.7 High

CVSS2