Not Simon the Goat on Nostr: Elastic: Kibana 8.14.2 / 7.17.23 Security Update (ESA-2024-22) CVE-2024-37287 (9.9 ...
Elastic: Kibana 8.14.2 / 7.17.23 Security Update (ESA-2024-22)
CVE-2024-37287 (9.9 critical): Kibana arbitrary code execution via prototype pollution (ESA-2024-22). An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices, can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.
No mention of exploitation.
#CVE_2024_37287 #Elastic #vulnerability #Kibana #CVE
Published at 2024-08-05 22:54:45
Event JSON
{
"id": "c902c11d43ee99aa354ab2b39f830e1fc36132f72fbd23546c1843dcc8773a07",
"pubkey": "c65691145402e71ffc943862badf66302e47b37f5285441c6ccc592cc114408d",
"created_at": 1722898485,
"kind": 1,
"tags": [
[
"t",
"cve_2024_37287"
],
[
"t",
"elastic"
],
[
"t",
"vulnerability"
],
[
"t",
"kibana"
],
[
"t",
"cve"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/112911875119793739",
"activitypub"
]
],
"content": "Elastic: Kibana 8.14.2 / 7.17.23 Security Update (ESA-2024-22)\nCVE-2024-37287 (9.9 critical) Kibana arbitrary code execution via prototype pollution (ESA-2024-22) An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.\nNo mention of exploitation.\n\n#CVE_2024_37287 #Elastic #vulnerability #Kibana #CVE",
"sig": "8256937267a0c637aa4833d9908d88bf0755ed21b1b2800b5dc7c7ad48bdfc8ad3cbb04b008ae78a5f20bf9825ec988f3d2acf0c06121f7057684b6601961abc"
}