CVE-2024-52974Uncontrolled Resource Consumption in Kibana

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 47.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Kibana
Timeline
PublishedApr 8

Description

An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDelastic/kibana7.17.07.17.23+1
CVEListV5elastic/kibana7.17.07.17.22+1

Patches

Patch: discuss.elastic.co

🔴Vulnerability Details

2
CVEList
CVE-2024-52974: An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash2025-04-08
GHSA
GHSA-95rc-q9jr-6jhg: An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash2025-04-08
CVE-2024-52974 — Uncontrolled Resource Consumption | cvebase