CVE-2024-23442

MEDIUM6.1EPSS 0.34%

Kibana open redirect issue

Published: 6/18/2024Modified: 5/20/2025

Description

An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.

Affected packages (2)

Bitnami/elkfrom 0, < 7.17.22, >= 8.11.1, < 8.14.0
Bitnami/kibanafrom 0, < 7.17.22, >= 8.11.1, < 8.14.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (2)

WEBhttps://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update/361502
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-23442