
CVE-2022-23709

 

  • Severity Score: 4.3 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.

*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: Low
  • Availability: None
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-01-19 CVE Reserved
  • 2022-03-03 CVE Published
  • 2023-09-24 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor   Product  Version            Other  Status
Elastic  Kibana   >= 7.7.0 < 7.17.1  -      Affected
Elastic  Kibana   8.0.0              -      Affected