CVE-2025-68389

Published: 18 Dec 2025
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.

A flaw was found in Kibana. A low-privileged authenticated user can exploit this vulnerability by sending a specially crafted HTTP request, leading to an excessive allocation of computing resources. This can result in a denial of service (DoS) for the Kibana process, making the service unavailable to legitimate users.

Report

This vulnerability is rated Important for Red Hat. A low-privileged authenticated user can exploit a flaw in Kibana by sending a specially crafted HTTP request, leading to excessive allocation of computing resources and a denial of service (DoS) of the Kibana process. This affects Kibana as deployed in OpenShift Container Platform, specifically the openshift-logging/kibana6-rhel8 component.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Fix deferred | | |


Additional information

Status: Moderate
Defect: CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2423745 Kibana: Kibana: Denial of Service via excessive resource allocation from crafted HTTP requests

EPSS

Percentile: 50%
0.00265
Low

CVSS3

6.5 Medium

Related vulnerabilities

CVSS3: 6.5
nvd
4 months ago

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.

CVSS3: 6.5
debian
4 months ago

Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...

CVSS3: 6.5
github
4 months ago

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.
