CVE-2024-23442

Kibana open redirect issue

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

Se descubrió un problema de redireccionamiento abierto en Kibana que podría llevar a que un usuario sea redirigido a un sitio web arbitrario si utiliza una URL de Kibana manipulada con fines malintencionados.

*Credits: N/A

CVSS Scores

Elasticv3.1 6.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-01-16 CVE Reserved
2024-06-14 CVE Published
2024-08-01 CVE Updated
2024-08-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CAPEC

References (1)

URL	Tag	Source
https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update/361502

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Elastic Search vendor "Elastic"		Kibana Search vendor "Elastic" for product "Kibana"				>= 8.11.1 <= 8.13.4 Search vendor "Elastic" for product "Kibana" and version " >= 8.11.1 <= 8.13.4"		en		Affected
Elastic Search vendor "Elastic"		Kibana Search vendor "Elastic" for product "Kibana"				7.17.21 Search vendor "Elastic" for product "Kibana" and version "7.17.21"		en		Affected