Kibana Patches High Severity Vulnerability Exposing Sensitive Information

Summary: Kibana has released a security update (version 8.15.0) to address two vulnerabilities, including a high severity flaw (CVE-2024-43707) that could expose sensitive information. The update is critical for all users, as it also addresses a medium severity server-side request forgery (CVE-2024-43710) vulnerability. Users are strongly encouraged to upgrade immediately to protect their systems.

Threat Actor: Unknown | unknown
Victim: Kibana Users | kibana users

Keypoints :

• Critical vulnerability (CVE-2024-43707) allows unauthorized access to sensitive Elastic Agent policies.
• Medium severity vulnerability (CVE-2024-43710) enables server-side request forgery via the /api/fleet/health_check API.
• All Kibana users are advised to upgrade to version 8.15.0 to mitigate these risks.