Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-31415


Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.


Published

2023-05-04T21:15:11.760

Last Modified

2025-01-29T18:15:46.620

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-94
  • Type: Primary
    CWE-94

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application elastic kibana 8.7.0 Yes

References