cbcvebase.
CVE-2024-37287
published 2024-08-13

Priority: P3 (49), high, 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.65% (73.5th percentile)
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices, can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| elastic | kibana | >= 7.7.0 < 7.17.23 | 7.17.23 |
| elastic | kibana | >= 7.7.0, 8.0.0 < 7.17.23, 8.14.2 | 7.17.23, 8.14.2 |
| elastic | kibana | >= 8.0.0 < 8.14.2 | 8.14.2 |