Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 40.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 16
Latest update: May 13

Description

In Kibana versions prior to 5.2.1 that are configured for SSL client access, file descriptors fail to be cleaned up after certain requests and accumulate over time until the process crashes.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: elastic/kibana 5.2.0
CVEListV5: elastic/kibana before 5.2.1

🔴 Vulnerability Details (2)

GHSA: GHSA-p36j-6ff2-h5mm: Kibana versions prior to 5 (2022-05-13)
CVEList: CVE-2017-8452: Kibana versions prior to 5 (2017-06-16)

📋 Vendor Advisories (1)

Red Hat: kibana: Resource exhaustion via file descriptors clean up failure (2017-07-10)

💬 Community (1)

Bugzilla: CVE-2017-8452 kibana: Resource exhaustion via file descriptors clean up failure (2017-07-26)
CVE-2017-8452 — Elastic Kibana vulnerability | cvebase