CVE-2023-31414 Vulnerability Details

  /     /     /  

CVE-2023-31414 Metadata Quick Info

CVE Published: 04/05/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: elastic | Vendor: Elastic | Product: Kibana
Status : PUBLISHED

CVE-2023-31414 Description

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-94
CWE Name: CWE-94: Improper Control of Generation of Code
Source: Elastic

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).