Unrated severityNVD Advisory· Published Sep 9, 2024· Updated Sep 17, 2024
CVE-2024-37288
CVE-2024-37288
Description
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and have configured an Amazon Bedrock connector https://www.elastic.co/guide/en/security/current/assistant-connect-to-bedrock.html .
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
>= 8.15.0, < 8.15.1+ 1 more
- (no CPE)range: >= 8.15.0, < 8.15.1
- (no CPE)range: >= 8.15.0, < 8.15.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.