CVE-2024-37279
published 2024-06-13
CVE-2024-37279: A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting…
Priority: P420 · medium · 4.3 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:L
EPSS: 0.37% (29.0th percentile)
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API, making the alerting rule run continuously and potentially affecting system availability if the alerting rule is running complex queries.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | kibana | >= 8.6.3 < 8.14.0 | 8.14.0 |
| elastic | kibana | 8.6.3 – 8.13.4 | — |
CVSS provenance
nvd · v3.1 · 4.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
vendor_redhat · 4.3 · MEDIUM
Red Hat
kibana: read-only alerting users using the run_soon API making the alerting rule run continuously
vendor_redhat·2024-06-05·CVSS 4.3
CVE-2024-37279 [MEDIUM] kibana: read-only alerting users using the run_soon API making the alerting rule run continuously
A flaw was discovered in Kibana, allowing read-only alerting users to use the run_soon API, making the alerting rule run continuously. This issue potentially affects the system if the alerting rule is running complex queries.
Package: openshift-logging/cluster-logging-rhel8-operator (Logging Subsystem for Red Hat OpenShift) - Affected
Package: openshift-logging/elasticsearch-rhel8-operator (Logging Subsystem for Red Hat OpenShift) - Affected
Package: openshift-lo
GHSA
GHSA-83pr-wj87-jf6x: A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially a
ghsa_unreviewed·2024-06-13
CVE-2024-37279 [MEDIUM] CWE-284 GHSA-83pr-wj87-jf6x: A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially a
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-06-13