Description
Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series data properties with an excessively large quantity value.
A flaw was found in the Timelion visualization plugin in Kibana. An authenticated user can exploit this by sending a specially crafted Timelion expression. This expression overwrites internal series data properties with an excessively large quantity value. This improper validation of input quantity can lead to a Denial of Service (DoS) by causing excessive memory allocation, making the service unavailable.
Statement
This is a MODERATE impact denial of service flaw in the Kibana Timelion visualization plugin. An authenticated user can exploit this by sending a specially crafted Timelion expression, leading to excessive memory allocation and service unavailability. This vulnerability requires an authenticated user to trigger the flaw.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel9-operator | Fix deferred | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel9-operator | Fix deferred | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Fix deferred | | |
| Red Hat JBoss Enterprise Application Platform 8 | kibana | Fix deferred | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | kibana | Fix deferred | | |
| Red Hat OpenShift distributed tracing 3 | rhosdt/tempo-jaeger-query-rhel9 | Fix deferred | | |
| Red Hat OpenStack Platform 16.2 | puppet-kibana3 | Fix deferred | | |
Additional information
Status: 6.5 Medium (CVSS3)