BIT-elk-2024-37285

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/elk/BIT-elk-2024-37285.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-elk-2024-37285

Aliases

BIT-kibana-2024-37285
CVE-2024-37285

Published

2024-11-16T07:08:55.088Z

Modified

2025-05-20T10:02:07.006Z

Summary

Kibana arbitrary code execution via YAML deserialization

Details

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html assigned to them.

The following Elasticsearch indices permissions are required

write privilege on the system indices .kibana_ingest*
The allowrestrictedindices flag is set to true

Any of the following Kibana privileges are additionally required

Under Fleet the All privilege is granted
Under Integration the Read or All privilege is granted
Access to the fleet-setup privilege is gained through the Fleet Server’s service account token

Database specific

{
    "cpes": [
        "cpe:2.3:a:elasticsearch:kibana:*:*:*:*:*:node.js:*:*"
    ],
    "severity": "Critical"
}

References

Affected packages

Bitnami / elk

Package

Name: elk
Purl: pkg:bitnami/elk

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.10.0

Fixed

8.15.1