CVE-2024-23443

Опубликовано: 14 июн. 2024

Источник: redhat

CVSS3: 4.9

EPSS Низкий

Описание

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.

A flaw was found in Kibana. A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery pack.

Затронутые пакеты

Платформа	Пакет	Состояние
Logging Subsystem for Red Hat OpenShift	openshift-logging/cluster-logging-rhel8-operator	Under investigation
Logging Subsystem for Red Hat OpenShift	openshift-logging/elasticsearch-rhel8-operator	Under investigation
Logging Subsystem for Red Hat OpenShift	openshift-logging/kibana6-rhel8	Under investigation
Red Hat OpenShift Container Platform 3.11	kibana	Not affected
Red Hat OpenShift Container Platform 3.11	openshift3/ose-logging-kibana5	Under investigation
Red Hat OpenStack Platform 16.1	puppet-kibana3	Under investigation
Red Hat OpenStack Platform 16.2	puppet-kibana3	Under investigation

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2292364kibana: uncontrolled resource consumption

EPSS

Процентиль: 84%

0.02217

Низкий

4.9 Medium

CVSS3

Связанные уязвимости

CVE-2024-23443

CVSS3: 4.9

nvd

больше 1 года назад

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.

CVE-2024-23443

CVSS3: 4.9

debian

больше 1 года назад

A high-privileged user, allowed to create custom osquery packs 17 coul ...

GHSA-ffp9-g6g3-h9m5

CVSS3: 4.9

github

больше 1 года назад

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.

EPSS

Процентиль: 84%

0.02217

Низкий

4.9 Medium

CVSS3