CVE-2024-43706Improper Authorization in Kibana

CWE-285Improper Authorization3 documents3 sources
Severity
8.8HIGHNVD
CNA7.6
EPSS
0.3%
top 49.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedJun 10

Description

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5elastic/kibana8.12.08.12.1
NVDelastic/kibana8.12.0

🔴Vulnerability Details

2
CVEList
Kibana Improper Authorization2025-06-10
GHSA
GHSA-33m4-3j2c-23xq: Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint2025-06-10
CVE-2024-43706 — Improper Authorization in Elastic | cvebase