CVE-2024-37287 - OpenCVE

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Elastic	Kibana

Configuration 1 [-]

OR	cpe:2.3:a:elastic:kibana::::::::
	cpe:2.3:a:elastic:kibana::::::::

No data.

References

Link	Providers
https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/

History

Thu, 22 Aug 2024 14:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1321

Tue, 13 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Elastic Elastic kibana
CPEs		cpe:2.3:a:elastic:kibana::::::::
Vendors & Products		Elastic Elastic kibana
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 11:45:00 +0000

Type	Values Removed	Values Added
Description		A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.
Title		Kibana arbitrary code execution via prototype pollution
Weaknesses		CWE-94
References		https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2024-08-13T11:33:45.520Z

Updated: 2024-08-13T13:35:02.988Z

Reserved: 2024-06-05T14:21:14.942Z

Link: CVE-2024-37287

Vulnrichment

Updated: 2024-08-13T13:34:44.364Z

NVD

Status : Analyzed

Published: 2024-08-13T12:15:06.433

Modified: 2024-08-22T13:33:12.477

Link: CVE-2024-37287

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37287", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2024-06-05T14:21:14.942Z", "datePublished": "2024-08-13T11:33:45.520Z", "dateUpdated": "2024-08-13T13:35:02.988Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Kibana", "repo": "https://github.com/elastic/kibana", "vendor": "Elastic", "versions": [{"lessThan": "7.17.23, 8.14.2", "status": "affected", "version": "7.7.0, 8.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution."}], "value": "A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2024-08-13T11:33:45.843Z"}, "references": [{"url": "https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/"}], "source": {"discovery": "UNKNOWN"}, "title": "Kibana arbitrary code execution via prototype pollution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "elastic", "product": "kibana", "cpes": ["cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.7.0", "status": "affected", "lessThan": "7.17.23", "versionType": "semver"}, {"version": "8.0.0", "status": "affected", "lessThan": "8.14.2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-13T13:32:33.624435Z", "id": "CVE-2024-37287", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T13:35:02.988Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37287", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-13T13:32:33.624435Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*"], "vendor": "elastic", "product": "kibana", "versions": [{"status": "affected", "version": "7.7.0", "lessThan": "7.17.23", "versionType": "semver"}, {"status": "affected", "version": "8.0.0", "lessThan": "8.14.2", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T13:34:44.364Z"}}], "cna": {"title": "Kibana arbitrary code execution via prototype pollution", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/elastic/kibana", "vendor": "Elastic", "product": "Kibana", "versions": [{"status": "affected", "version": "7.7.0, 8.0.0", "lessThan": "7.17.23, 8.14.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.", "supportingMedia": [{"type": "text/html", "value": "A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2024-08-13T11:33:45.843Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37287", "state": "PUBLISHED", "dateUpdated": "2024-08-13T13:35:02.988Z", "dateReserved": "2024-06-05T14:21:14.942Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2024-08-13T11:33:45.520Z", "assignerShortName": "elastic"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A4E337B-545C-4BBC-9A58-7E0D9CAE53F4", "versionEndExcluding": "7.17.23", "versionStartIncluding": "7.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "143567E3-C153-414B-9EDD-52B3EF60B6AD", "versionEndExcluding": "8.14.2", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution."}, {"lang": "es", "value": "Se descubri\u00f3 en Kibana una falla que permit\u00eda la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante con acceso a funciones de ML y conector de alertas, as\u00ed como acceso de escritura a \u00edndices internos de ML, puede desencadenar una vulnerabilidad de contaminaci\u00f3n de prototipo, lo que en \u00faltima instancia conduce a la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2024-37287", "lastModified": "2024-08-22T13:33:12.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "bressers@elastic.co", "type": "Secondary"}]}, "published": "2024-08-13T12:15:06.433", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "bressers@elastic.co", "type": "Secondary"}]}