Unrated severityNVD Advisory· Published Jan 23, 2025· Updated Jan 23, 2025

Kibana exposure of sensitive information to an unauthorized actor

CVE-2024-43707

Description

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.

Affected products

Elastic/Kibanallm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 8.0.0
osv-coords2 versions
pkg:bitnami/elk pkg:bitnami/kibana
>= 8.0.0, < 8.15.0+ 1 more
- (no CPE)range: >= 8.0.0, < 8.15.0
- (no CPE)range: >= 8.0.0, < 8.15.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000