CVE-2024-37287
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Aug 13, 2024
Updated: Aug 22, 2024
CWE ID 94
CWE ID 1321
Summary
CVE-2024-37287 is a newly discovered vulnerability in Kibana. Malicious actors with specific permissions, including access to Machine Learning (ML) and Alerting connector features and write access to internal ML indices, can exploit a prototype pollution vulnerability. This flaw ultimately results in arbitrary code execution, allowing attackers to gain unauthorized control over affected Kibana instances. Organizations using Kibana are advised to apply the necessary patches or updates to mitigate this risk.
Affected Products
- Elastic Kibana
Affected Vendors
- Elastic