CVE-2024-37279

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-37279

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37279.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-37279

Aliases

Published

2024-06-13T17:15:50Z

Modified

2025-03-13T17:56:19.407218Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.

References

https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8d96bbe3bf5fed931f3119733895458eab75dca9

Type: GIT
Repo: https://github.com/elastic/kibana
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3bc2979d1d65982aee7d13ebd65434c3470dc808

Affected versions

7.*

7.0-known-good

Other

deploy@1693594780

deploy@1693609987

deploy@1693853982

deploy@1693860790

deploy@1693866333

deploy@1694087994

deploy@1694162455

deploy@1694506029

deploy@1694683198

deploy@1695286747

deploy@1696328885

deploy@1696415195

deploy@1696508231

deploy@1696618725

deploy@1696873111

deploy@1697028216

deploy@1697232175

deploy@1697564183

deploy@1698046713

deploy@1698657637

deploy@1699260155

deploy@1699865290

deploy@1700491293

deploy@1701160888

deploy@1701687168

deploy@1702284899

deploy@1702367069

deploy@1702879551

deploy@1702903357

deploy@1703484304

deploy@1704089101

deploy@1704693922

deploy@1705298718

deploy@1705306975

deploy@1705903520

deploy@1706508321

deploy@1707113127

deploy@1707717945

deploy@1708322739

deploy@1708927574

deploy@1709532332

deploy@1709533819

deploy@1710137117

deploy@1710146776

deploy@1710741924

deploy@1711370131

deploy@1711952105

deploy@1712566963

deploy@1713161715

test-depl-20231013154558

test-depl-20231025084603

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.19.0.RC1

v0.19.0.RC2

v0.19.0.RC3

v0.20.0.RC1

v0.4.0

v0.5.0

v0.5.1

v0.6.0

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.90.0

v0.90.0.Beta1

v0.90.0.RC1

v0.90.0.RC2

v1.*

v1.0.0.Beta1

v1.0.0.Beta2

v1.0.0.RC1

v4.*

v4.0.0

v4.0.0-beta1

v4.0.0-beta1.1

v4.0.0-beta2

v4.0.0-beta3

v4.0.0BETA1

v4.1.0

v4.2.0-beta1

v5.*

v5.0.0-alpha1

v5.0.0-alpha2

v5.0.0-alpha3

v5.0.0-alpha4

v5.0.0-alpha5

v6.*

v6.0.0-alpha1

v6.0.0-alpha2

v7.*

v7.0.0-alpha1

v7.0.0-alpha2

v8.*

v8.0.0-alpha1

v8.0.0-alpha2