Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-68422

Опубликовано: 18 дек. 2025
Источник: redhat
CVSS3: 4.3

Описание

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.

A flaw was found in Kibana. An authenticated user can exploit this vulnerability by sending a specially crafted HTTP request, which bypasses intended permission restrictions. This improper authorization allows an attacker, who lacks the "live queries - read" permission, to successfully retrieve the list of live queries, leading to information disclosure and potential privilege escalation.

Отчет

This vulnerability is rated Moderate for Red Hat. An authenticated user in Kibana, as deployed in OpenShift Container Platform, can exploit an improper authorization flaw to bypass intended permission restrictions. This allows the user to retrieve a list of live queries, leading to information disclosure and potential privilege escalation.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/kibana6-rhel8Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-863
https://bugzilla.redhat.com/show_bug.cgi?id=2423747Kibana: Kibana: Privilege escalation and information disclosure via improper authorization

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-68422

CVSS3: 4.3
nvd
4 месяца назад

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.

debian логотип

CVE-2025-68422

CVSS3: 4.3
debian
4 месяца назад

Improper Authorization (CWE-285) in Kibana can lead to privilege escal ...

github логотип

GHSA-v7q8-5286-xfvf

CVSS3: 4.3
github
4 месяца назад

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.

fstec логотип

BDU:2026-00012

CVSS3: 4.3
fstec
4 месяца назад

Уязвимость сервиса визуализации данных Kibana, связанная с ошибками авторизации, позволяющая нарушителю повысить привилегии

4.3 Medium

CVSS3