It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.
Metrics
Affected Vendors & Products
References
History
Mon, 02 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: elastic
Published: 2023-11-22T00:30:56.115Z
Updated: 2024-12-02T20:33:49.277Z
Reserved: 2021-01-04T20:17:39.859Z
Link: CVE-2021-22150

Updated: 2024-08-03T18:37:18.497Z

Status : Modified
Published: 2023-11-22T01:15:07.417
Modified: 2024-11-21T05:49:36.290
Link: CVE-2021-22150

No data.