Описание
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.
Ссылки
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.17.23 (исключая)Версия от 8.0.0 (включая) до 8.14.2 (исключая)
Одно из
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00257
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-770
Связанные уязвимости
CVSS3: 6.5
debian
около 1 года назад
An allocation of resources without limits or throttling in Kibana can ...
CVSS3: 6.5
github
около 1 года назад
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.
EPSS
Процентиль: 49%
0.00257
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-770