CVE-2024-37279 MEDIUM

CVE-2024-37279: Kibana Broken Access Control issue

Vendor: Elastic
Product: Kibana
Published: June 13, 2024
Last update: March 13, 2025

CVSS base score

4.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

A flaw was discovered in Kibana that allows view-only users of alerting to use the run_soon API, making the alerting rule run continuously. This can affect system availability if the alerting rule runs complex queries.

Key dates

02 Disclosure timeline

June 13, 2024: CVE published
March 13, 2025: Record updated