- Description
- A server-side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over HTTPS that return JSON could be accessed. This can be carried out by users with read access to Fleet.
- Source
- bressers@elastic.co
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- bressers@elastic.co
- CWE-918
[Important] Elastic Kibana security vulnerabilities (CVE-2024-43707, CVE-2024-43710): patch advisory
@virusmyths
2 Feb 2025
Kibana has released version 8.15.0 to patch a critical vulnerability (CVE-2024-43707) exposing sensitive information and a medium severity flaw (CVE-2024-43710). Protect systems! 🚨🔒 #KibanaUpdate #DataBreach #USA link: https://t.co/xlmZlsKpTv https://t.co/pKUZ3bG5Cc
@TweetThreatNews
25 Jan 2025
Threat Alert: CVE-2024-43707: Kibana Patches High Severity Vulnerability Exposing Sensitive In CVE-2024-43707 CVE-2024-43710 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/W09LANo931 #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
25 Jan 2025
CVE-2024-43710 A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due t… https://t.co/tkn48FrquQ
@CVEnew
23 Jan 2025