Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
6DescriptionCVE.org
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.
AnalysisAI
CVE-2024-43706 is an improper authorization vulnerability in Kibana's Synthetic monitor endpoint that allows authenticated users to escalate privileges through direct HTTP requests. Attackers with low-level credentials can bypass access controls to perform unauthorized actions on synthetic monitoring functionality, potentially affecting confidentiality, integrity, and availability. While the CVSS 7.6 score indicates significant risk, real-world impact depends on deployment context and whether this vulnerability is actively exploited in the wild.
Technical ContextAI
This vulnerability exists in Kibana's Synthetic Monitoring module, which is part of the Elastic Stack used for synthetic uptime and performance monitoring. The root cause is CWE-285 (Improper Authorization), indicating insufficient access control checks on HTTP endpoints designated for synthetic monitor operations. Rather than enforcing proper Role-Based Access Control (RBAC) or attribute-based access controls, the endpoint likely validates authentication (that a user exists) but fails to validate that the authenticated user has appropriate privileges to interact with synthetic monitors. This is a common pattern where authentication is conflated with authorization. The vulnerability is accessible via direct HTTP requests to the endpoint, meaning no special tooling or complex exploitation technique is required—standard HTTP clients suffice. The low attack complexity (AC:L) confirms this.
RemediationAI
- Immediate Patch: Upgrade Kibana to the patched version published by Elastic for CVE-2024-43706 (version specifics should be obtained from Elastic's official advisory). 2. Interim Mitigation: Restrict network access to Kibana's Synthetic monitor endpoints at the firewall/load-balancer level, limiting HTTP requests to trusted source IPs. 3. Access Control Review: Audit user role assignments in Kibana; ensure low-privilege users do not have synthetic monitoring privileges if not required. Implement principle of least privilege strictly. 4. Monitoring: Enable audit logging on Kibana API endpoints to detect unauthorized synthetic monitor access attempts. Monitor for unusual API calls to synthetic endpoints from low-privilege users. 5. Workaround (if patching is delayed): Disable or restrict Synthetic Monitoring features in Kibana if not in active use, via configuration settings in kibana.yml.
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated criti
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. Rated hig
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. Rated critical s
Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP
Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are us
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine lea
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. Rated critical sever
Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal. Rate
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document con
Kibana version 8.7.0 contains an arbitrary code execution flaw. Rated high severity (CVSS 8.8), this vulnerability is re
Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. Rated high severity (CVSS 8.8), this vulne
Kibana versions up to 9.3.0 contains a vulnerability that allows attackers to read arbitrary files from the Kibana serve
Same weakness CWE-285 – Improper Authorization
View allSame technique Privilege Escalation
View allVendor StatusVendor
Debian
Bug #700337| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| open | - | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-54667