CVE-2024-43708

Summary

An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.

Affected Software

VendorProductVersion RangeStatus
ElasticKibana8.0.0 < 8.15.0affected
ElasticKibana7.0.0 < 7.17.23affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References