Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-43710

A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried out by users with read access to Fleet.

Published

2025-01-23T06:15:27.550

Last Modified

2025-09-30T20:58:49.520

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	kibana	< 8.15.0	Yes

References

https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521 Issue Tracking, Patch, Vendor Advisory ([email protected])