CVE-2024-37279 - Vulnerability Details - OpenCVE

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00124.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Elastic	Kibana

Configuration 1 [-]

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-36555	A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887
https://nvd.nist.gov/vuln/detail/CVE-2024-37279
https://www.cve.org/CVERecord?id=CVE-2024-37279

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00236}`	epss `{'score': 0.00128}`

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00195}`	epss `{'score': 0.00236}`

Thu, 13 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284

Thu, 03 Oct 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Elastic Elastic kibana
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:elastic:kibana::::::::
Vendors & Products		Elastic Elastic kibana

MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2024-06-13T17:04:41.737Z

Updated: 2025-03-13T15:59:46.351Z

Reserved: 2024-06-05T14:21:14.941Z

Link: CVE-2024-37279

Vulnrichment

Updated: 2024-08-02T03:50:55.975Z

NVD

Status : Modified

Published: 2024-06-13T17:15:50.770

Modified: 2025-03-13T16:15:20.190

Link: CVE-2024-37279

Redhat

Severity : Moderate

Publid Date: 2024-06-05T00:00:00Z

Links: CVE-2024-37279 - Bugzilla

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37279", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2024-06-05T14:21:14.941Z", "datePublished": "2024-06-13T17:04:41.737Z", "dateUpdated": "2025-03-13T15:59:46.351Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Kibana", "vendor": "Elastic", "versions": [{"lessThanOrEqual": "8.13.4", "status": "affected", "version": "8.6.3", "versionType": "semver"}]}], "datePublic": "2024-06-05T20:45:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.<br>"}], "value": "A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2024-06-13T17:04:41.737Z"}, "references": [{"url": "https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887"}], "source": {"discovery": "UNKNOWN"}, "title": "Kibana Broken Access Control issue", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T19:11:41.513032Z", "id": "CVE-2024-37279", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T15:59:46.351Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:55.975Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:55.975Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37279", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-13T19:11:41.513032Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T19:11:51.715Z"}}], "cna": {"title": "Kibana Broken Access Control issue", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Elastic", "product": "Kibana", "versions": [{"status": "affected", "version": "8.6.3", "versionType": "semver", "lessThanOrEqual": "8.13.4"}], "defaultStatus": "unaffected"}], "datePublic": "2024-06-05T20:45:00.000Z", "references": [{"url": "https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.", "supportingMedia": [{"type": "text/html", "value": "A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.<br>", "base64": false}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2024-06-13T17:04:41.737Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37279", "state": "PUBLISHED", "dateUpdated": "2025-03-13T15:59:46.351Z", "dateReserved": "2024-06-05T14:21:14.941Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2024-06-13T17:04:41.737Z", "assignerShortName": "elastic"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "A430F00B-7304-4010-BB6E-FF17D4320ED6", "versionEndExcluding": "8.14.0", "versionStartIncluding": "8.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries."}, {"lang": "es", "value": "Se descubri\u00f3 una falla en Kibana, que permite a los usuarios de alertas de solo visualizaci\u00f3n usar la API run_soon, lo que hace que la regla de alerta se ejecute continuamente, lo que podr\u00eda afectar la disponibilidad del sistema si la regla de alerta ejecuta consultas complejas."}], "id": "CVE-2024-37279", "lastModified": "2025-03-13T16:15:20.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "bressers@elastic.co", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-13T17:15:50.770", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kibana: read-only alerting users using the run_soon API making the alerting rule run continuously", "id": "2290676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290676"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "details": ["A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.", "A flaw was discovered in Kibana, allowing read-only alerting users using the run_soon API making the alerting rule run continuously. This issue potentially affects the system if the alerting rule is running complex queries."], "name": "CVE-2024-37279", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/cluster-logging-rhel8-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/elasticsearch-rhel8-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "kibana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift3/ose-logging-kibana5", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Out of support scope", "package_name": "puppet-kibana3", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Out of support scope", "package_name": "puppet-kibana3", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2024-06-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-37279\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-37279\nhttps://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887"], "threat_severity": "Moderate"}