CVSS 3.1 Score 4.9 of 10 (medium)


Published Jun 19, 2024
Updated: Jun 20, 2024
CWE ID 400


CVE-2024-23443 is a vulnerability that affects Kibana, specifically when a high-privileged user creates custom osquery packs. This vulnerability could potentially impact the availability of Kibana by allowing the user to upload a maliciously crafted osquery pack. The base severity of this vulnerability is rated as MEDIUM, with a base score of 4.9. The privileges required for exploitation are classified as HIGH, and the attack vector is through the network. It does not require any user interaction and has no impact on integrity or confidentiality. The exploitability score is 1.2, indicating a relatively low level of exploitability. The potential danger posed by this vulnerability lies in its potential to disrupt the availability of Kibana for an organization. It is recommended to remediate this vulnerability by applying necessary patches or updates provided by the vendor to mitigate the risk it poses.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-23443 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions