CVE-2023-31414

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-31414

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31414.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-31414

Published

2023-05-04T21:15:11.703Z

Modified

2026-03-15T21:45:20.376117Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

References

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

57ca5e139a33dd2eed927ce98d8231a1f217cd15

Last affected

05f12599523732051b84dde0b8d5610e0db2b06d

Database specific

{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.7.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31414.json"