nvd-json-data-feeds/CVE-2024/CVE-2024-234xx/CVE-2024-23443.json

{
  "id": "CVE-2024-23443",
  "sourceIdentifier": "bressers@elastic.co",
  "published": "2024-06-19T14:15:13.360",
  "lastModified": "2024-08-19T19:33:31.207",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack."
    },
    {
      "lang": "es",
      "value": "Un usuario con altos privilegios, al que se le permite crear paquetes de osquery personalizados 17, podr\u00eda afectar la disponibilidad de Kibana al cargar un paquete de osquery creado con fines malintencionados."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6
      },
      {
        "source": "bressers@elastic.co",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    },
    {
      "source": "bressers@elastic.co",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "7.0.0",
              "versionEndExcluding": "7.17.22",
              "matchCriteriaId": "798CA4B3-9E66-406D-9C0D-57DF5F77FDC3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "8.0.0",
              "versionEndExcluding": "8.14.0",
              "matchCriteriaId": "3F1EDB3A-548A-4F37-BE27-47D23FF88908"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update-esa-2024-11/361460",
      "source": "bressers@elastic.co",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}