CVE-2023-31414
CVSS V2 None
CVSS V3 None
Description
Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.
Overview
- CVE ID
- CVE-2023-31414
- Assigner
- bressers@elastic.co
- Vulnerability Status
- Received
- Published Version
- 2023-05-04T21:15:11
- Last Modified Date
- 2023-05-04T21:15:11
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330 | |
https://www.elastic.co/community/security/ |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-31414 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31414 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-05-04 22:02:42 | Added to TrackCVE | |||
2023-05-04 22:02:46 | Weakness Enumeration | new |