CVE-2023-31414

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-31414
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31414.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-31414
Published
2023-05-04T21:15:11Z
Modified
2024-07-12T20:53:12Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

References

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type
GIT
Repo
https://github.com/elastic/elasticsearch
Events
Type
GIT
Repo
https://github.com/elastic/kibana
Events