Not Simon the Goat on Nostr: Elastic: Kibana 8.14.2 / 7.17.23 Security Update (ESA-2024-22) CVE-2024-37287 (9.9 ...
Elastic: Kibana 8.14.2 / 7.17.23 Security Update (ESA-2024-22)
CVE-2024-37287 (9.9 critical) Kibana arbitrary code execution via prototype pollution (ESA-2024-22) An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.
No mention of exploitation.
#CVE_2024_37287 #Elastic #vulnerability #Kibana #CVE
CVE-2024-37287 (9.9 critical) Kibana arbitrary code execution via prototype pollution (ESA-2024-22) An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.
No mention of exploitation.
#CVE_2024_37287 #Elastic #vulnerability #Kibana #CVE