Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52974

An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them.

Published

2025-04-08T17:15:34.653

Last Modified

2025-09-30T21:36:21.957

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	kibana	< 7.17.23	Yes
Application	elastic	kibana	< 8.15.1	Yes

References

https://discuss.elastic.co/t/kibana-7-17-23-and-8-15-1-security-update-esa-2024-36/376923 Issue Tracking, Patch, Vendor Advisory ([email protected])