CVE-2024-52974

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-52974

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52974.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52974

Aliases

Published

2025-04-08T17:15:34.653Z

Modified

2026-04-10T05:18:17.078172Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash.

A successful attack requires a malicious user to have read permissions for Observability assigned to them.

References

https://discuss.elastic.co/t/kibana-7-17-23-and-8-15-1-security-update-esa-2024-36/376923

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type

GIT

Repo

https://github.com/elastic/kibana

Events

Introduced

60a9838d21b6420bbdb5a4d07099111b74c68ceb

Fixed

89cafc519e1d6e0e08d8cf5c13eee6886fe6e412

Introduced

57ca5e139a33dd2eed927ce98d8231a1f217cd15

Fixed

f66ec5b0ddd990d103489c47ca1bcb97dc50bc6b

Database specific

{
    "versions": [
        {
            "introduced": "7.17.0"
        },
        {
            "fixed": "7.17.23"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.15.1"
        }
    ]
}

Affected versions

v7.*

v7.17.0

v7.17.1

v7.17.10

v7.17.11

v7.17.12

v7.17.13

v7.17.14

v7.17.15

v7.17.16

v7.17.17

v7.17.18

v7.17.19

v7.17.2

v7.17.20

v7.17.21

v7.17.22

v7.17.3

v7.17.4

v7.17.5

v7.17.6

v7.17.7

v7.17.8

v7.17.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52974.json"