CVE-2023-31415

Summary

Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Affected Software

VendorProductVersion RangeStatus
ElasticKibanaversion 8.7.0affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References