We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html assigned to them. The following Elasticsearch indices permissions are required * write privilege on the system indices .kibana_ingest* * The allow_restricted_indices flag is set to true Any of the following Kibana privileges are additionally required * Under Fleet the All privilege is granted * Under Integration the Read or All privilege is granted * Access to the fleet-setup privilege is gained through the Fleet Server’s service account token
Reserved 2024-06-05 | Published 2024-11-14 | Updated 2024-11-14 | Assigner elasticCWE-502 Deserialization of Untrusted Data
discuss.elastic.co/...-update-esa-2024-27-esa-2024-28/366119
Support options