CVE-2024-43707

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-43707

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43707.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43707

Aliases

Published

2025-01-23T06:15:27.380Z

Modified

2026-04-10T05:16:29.071828Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.

References

https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

05f12599523732051b84dde0b8d5610e0db2b06d

Fixed

8aa0b59da12c996e3048d8875446667ee6e15c7f

Database specific

{
    "versions": [
        {
            "introduced": "8.7.0"
        },
        {
            "fixed": "8.15.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43707.json"