CVE-2024-52974
MEDIUM
Kibana 7.17.0-7.17.23 - Denial of Service via Observability API
Title source: llm
Description
An issue has been identified where a specially crafted request sent to an Observability API could cause the Kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them.
References (1)
Core References
Issue Tracking, Patch, Vendor Advisory
https://discuss.elastic.co/t/kibana-7-17-23-and-8-15-1-security-update-esa-2024-36/376923
Scores
CVSS v3
6.5
EPSS
0.0038
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (1)
elastic/kibana
7.17.0 - 7.17.23
Published
Apr 08, 2025
Tracked Since
Feb 18, 2026