Kibana Security Update Advisory (CVE-2024-37287)

Overview

An update has been released for Kibana that addresses a vulnerability in the product. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-37287

  • Kibana 8.x versions: earlier than 8.14.2 (8.14.2 itself excluded)
  • Kibana 7.x versions: earlier than 7.17.23 (7.17.23 itself excluded)

Resolved Vulnerabilities

An attacker with access to the ML and Alerting connector features, together with write access to internal ML indices, could trigger a prototype pollution vulnerability that allows arbitrary code execution (CVE-2024-37287).

Vulnerability Patches

The vulnerability is fixed in the versions listed below. Follow the instructions on the referenced site to update to the latest patched version.

CVE-2024-37287

  • Kibana 8.x version: 8.14.2
  • Kibana 7.x version: 7.17.23
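
To triage an inventory against the fixed versions listed above, the following added example (not part of the original advisory or Elastic's code) compares version strings numerically per branch, since a plain string comparison would rank 8.9.0 above 8.14.2. The host names and inventory are constructed, and treating a pre-release build of a fixed version as affected is a conservative assumption.

```python
import re

# Fixed releases per major branch, taken from the advisory above.
FIXED = {8: (8, 14, 2), 7: (7, 17, 23)}

# major.minor.patch with an optional pre-release suffix such as -SNAPSHOT.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1, 2, 3))
    return numbers, match.group(4) is not None

def triage(version_text):
    """Classify one Kibana version as affected, fixed, not-listed or unparseable."""
    try:
        numbers, prerelease = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get(numbers[0])
    if fixed is None:
        # The advisory only covers the 7.x and 8.x branches.
        return "not-listed"
    if numbers < fixed:
        return "affected"
    # Assumption: a pre-release build of the fixed version may predate the fix.
    if numbers == fixed and prerelease:
        return "affected"
    return "fixed"

def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}

# Constructed inventory; host names and versions are sample data.
SAMPLE_INVENTORY = {
    "kibana-prod-1": "8.9.0",      # numerically below 8.14.2
    "kibana-prod-2": "8.14.2",
    "kibana-legacy": "7.17.3",     # numerically below 7.17.23
    "kibana-dev": "8.14.2-SNAPSHOT",
    "kibana-old": "6.8.23",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as not-listed or unparseable need manual review, because the advisory only states the affected range for the 7.x and 8.x branches.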

Referenced Sites

[1] Kibana 8.14.2 / 7.17.23 Security Update (ESA-2024-22)

https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424