{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37285", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2024-06-05T14:21:14.942Z", "datePublished": "2024-11-14T16:49:16.594Z", "dateUpdated": "2024-11-14T18:48:27.837Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Kibana", "vendor": "Elastic", "versions": [{"lessThanOrEqual": "8.15.0", "status": "affected", "version": "8.10.0", "versionType": "semver"}]}], "datePublic": "2024-09-05T15:42:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv\">Elasticsearch indices privileges</a>&nbsp;and <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html\">Kibana privileges</a>&nbsp;assigned to them.<br><br></p><p>The following Elasticsearch indices permissions are required</p><ul><li><code>write</code>&nbsp;privilege on the system indices <code>.kibana_ingest*</code></li><li>The <code>allow_restricted_indices</code>&nbsp;flag is set to <code>true</code></li></ul><p>Any of the following Kibana privileges are additionally required</p><ul><li>Under <code>Fleet</code>&nbsp;the <code>All</code>&nbsp;privilege is granted</li><li>Under <code>Integration</code>&nbsp;the <code>Read</code>&nbsp;or <code>All</code>&nbsp;privilege is granted</li><li>Access to the <code>fleet-setup</code>&nbsp;privilege is gained through the Fleet Server\u2019s service account token</li></ul><p></p><br>"}], "value": "A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv \u00a0and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html \u00a0assigned to them.\n\n\n\nThe following Elasticsearch indices permissions are required\n\n * write\u00a0privilege on the system indices .kibana_ingest*\n * The allow_restricted_indices\u00a0flag is set to true\n\n\nAny of the following Kibana privileges are additionally required\n\n * Under Fleet\u00a0the All\u00a0privilege is granted\n * Under Integration\u00a0the Read\u00a0or All\u00a0privilege is granted\n * Access to the fleet-setup\u00a0privilege is gained through the Fleet Server\u2019s service account token"}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2024-11-14T16:54:35.562Z"}, "references": [{"url": "https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119"}], "source": {"discovery": "UNKNOWN"}, "title": "Kibana arbitrary code execution via YAML deserialization", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "elastic", "product": "kibana", "cpes": ["cpe:2.3:a:elastic:kibana:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.10.0", "status": "affected", "lessThanOrEqual": "8.15.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T18:46:46.588026Z", "id": "CVE-2024-37285", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T18:48:27.837Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37285", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-14T18:46:46.588026Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:elastic:kibana:-:*:*:*:*:*:*:*"], "vendor": "elastic", "product": "kibana", "versions": [{"status": "affected", "version": "8.10.0", "versionType": "semver", "lessThanOrEqual": "8.15.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T18:48:20.126Z"}}], "cna": {"title": "Kibana arbitrary code execution via YAML deserialization", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Elastic", "product": "Kibana", "versions": [{"status": "affected", "version": "8.10.0", "versionType": "semver", "lessThanOrEqual": "8.15.0"}], "defaultStatus": "unaffected"}], "datePublic": "2024-09-05T15:42:00.000Z", "references": [{"url": "https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv \u00a0and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html \u00a0assigned to them.\n\n\n\nThe following Elasticsearch indices permissions are required\n\n * write\u00a0privilege on the system indices .kibana_ingest*\n * The allow_restricted_indices\u00a0flag is set to true\n\n\nAny of the following Kibana privileges are additionally required\n\n * Under Fleet\u00a0the All\u00a0privilege is granted\n * Under Integration\u00a0the Read\u00a0or All\u00a0privilege is granted\n * Access to the fleet-setup\u00a0privilege is gained through the Fleet Server\u2019s service account token", "supportingMedia": [{"type": "text/html", "value": "<p>A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv\">Elasticsearch indices privileges</a>&nbsp;and <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html\">Kibana privileges</a>&nbsp;assigned to them.<br><br></p><p>The following Elasticsearch indices permissions are required</p><ul><li><code>write</code>&nbsp;privilege on the system indices <code>.kibana_ingest*</code></li><li>The <code>allow_restricted_indices</code>&nbsp;flag is set to <code>true</code></li></ul><p>Any of the following Kibana privileges are additionally required</p><ul><li>Under <code>Fleet</code>&nbsp;the <code>All</code>&nbsp;privilege is granted</li><li>Under <code>Integration</code>&nbsp;the <code>Read</code>&nbsp;or <code>All</code>&nbsp;privilege is granted</li><li>Access to the <code>fleet-setup</code>&nbsp;privilege is gained through the Fleet Server\u2019s service account token</li></ul><p></p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2024-11-14T16:54:35.562Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37285", "state": "PUBLISHED", "dateUpdated": "2024-11-14T18:48:27.837Z", "dateReserved": "2024-06-05T14:21:14.942Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2024-11-14T16:49:16.594Z", "assignerShortName": "elastic"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "A43056B3-82DB-47C7-83C9-79C1E628221C", "versionEndIncluding": "8.15.0", "versionStartIncluding": "8.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv \u00a0and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html \u00a0assigned to them.\n\n\n\nThe following Elasticsearch indices permissions are required\n\n * write\u00a0privilege on the system indices .kibana_ingest*\n * The allow_restricted_indices\u00a0flag is set to true\n\n\nAny of the following Kibana privileges are additionally required\n\n * Under Fleet\u00a0the All\u00a0privilege is granted\n * Under Integration\u00a0the Read\u00a0or All\u00a0privilege is granted\n * Access to the fleet-setup\u00a0privilege is gained through the Fleet Server\u2019s service account token"}, {"lang": "es", "value": "Un problema de deserializaci\u00f3n en Kibana puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario cuando Kibana intenta analizar un documento YAML que contiene un payload manipulado. Un ataque exitoso requiere que un usuario malintencionado tenga una combinaci\u00f3n de privilegios espec\u00edficos de \u00edndices de Elasticsearch https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv y privilegios de Kibana https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html asignados a ellos. Se requieren los siguientes permisos de \u00edndices de Elasticsearch * privilegio de escritura en los \u00edndices del sistema .kibana_ingest* * El indicador allow_restricted_indices est\u00e1 configurado en verdadero Cualquiera de los siguientes privilegios de Kibana tambi\u00e9n se requiere * En Fleet, se otorga el privilegio All * En Integration, se otorga el privilegio Read o All * El acceso al privilegio de configuraci\u00f3n de la flota se obtiene a trav\u00e9s del token de cuenta de servicio del servidor Fleet"}], "id": "CVE-2024-37285", "lastModified": "2025-10-01T18:36:35.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "bressers@elastic.co", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-14T17:15:06.457", "references": [{"source": "bressers@elastic.co", "tags": ["Patch", "Vendor Advisory"], "url": "https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "bressers@elastic.co", "type": "Secondary"}]}

{}

{}