VYPR
Unrated severityNVD Advisory· Published May 4, 2023· Updated Jan 29, 2025

CVE-2023-31414

CVE-2023-31414

Description

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Elastic/Kibanallm-fuzzy2 versions
    8.0.0 to 8.7.0+ 1 more
    • (no CPE)range: 8.0.0 to 8.7.0
    • (no CPE)range: versions 8.0.0 through 8.7.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.