CVE-2023-31414

Опубликовано: 04 мая 2023

Источник: nvd

CVSS3: 8.8

CVSS3: 8.2

EPSS Низкий

Описание

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Ссылки

https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330
Vendor Advisory
https://www.elastic.co/community/security/
Vendor Advisory
https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330
Vendor Advisory
https://www.elastic.co/community/security/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.7.0 (включая)

EPSS

Процентиль: 44%

0.00219

Низкий

8.8 High

CVSS3

8.2 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

CVE-2023-31414

CVSS3: 8.8

debian

почти 3 года назад

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code executio ...

GHSA-2gwg-52c6-q2hx

CVSS3: 8.8

github

почти 3 года назад

EPSS

Процентиль: 44%

0.00219

Низкий

8.8 High

CVSS3

8.2 High

CVSS3

Дефекты

CWE-94