Unrated severityNVD Advisory· Published Jan 23, 2025· Updated Jan 23, 2025

Kibana allocation of resources without limits or throttling leads to crash

CVE-2024-52972

Description

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana.

Affected products

Elastic/Kibanallm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 8.0.0
osv-coords2 versions
pkg:bitnami/elk pkg:bitnami/kibana
>= 7.0.0, < 7.17.23+ 1 more
- (no CPE)range: >= 7.0.0, < 7.17.23
- (no CPE)range: >= 7.0.0, < 7.17.23

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000