
Warning - 2 vulnerabilities detected in Kibana version 8! One rated as CRITICAL and one rated as HIGH!

Reference: Advisory #2023-51

Version: 1.0

Affected software:
CVE-2023-31414: Kibana versions 8.0.0 to 8.7.0
CVE-2023-31415: Kibana version 8.7.0 (No other versions are affected)

Type: Improper Control of Generation of Code ('Code Injection')
CVE/CVSS: 

CVE-2023-31414

CVE-2023-31415

Sources

Kibana - https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330

Risks

CVE-2023-31414: An attacker who has write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to an attacker executing arbitrary commands on the host system with permissions of the Kibana process.

CVE-2023-31415: An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to an attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Description

Kibana is data visualisation dashboard software for Elasticsearch and is commonly used to display data from Elasticsearch. The combination of Elasticsearch, Logstash and Kibana is known as the Elastic Stack (ELK stack). Kibana can display all data output by Elasticsearch.

If an attacker successfully exploits CVE-2023-31414 or CVE-2023-31415, the attacker could gain access to the entire system on which the Kibana software is running. The attacker can then run arbitrary commands with the same rights as the user who is running Kibana. If the Kibana instance is running within a Docker container, the code execution is limited to the Kibana Docker container.

Since Kibana is used to visualise data, successfully exploiting CVE-2023-31414 or CVE-2023-31415 also allows access to all logs that the Kibana instance has access to.

Recommended Actions

The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems to at least version 8.7.1 as soon as possible and analyse system and network logs for any suspicious activity.

If you have already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.
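To support the patching recommendation, the following Python example (added here; it is not part of the original advisory or of any Elastic tooling) triages an inventory of Kibana status documents against the affected version ranges stated above. It assumes each document carries the version under `version.number`; the host names and sample documents are constructed.

```python
import json
import re

# Affected ranges as stated in this advisory (inclusive bounds).
AFFECTED = {
    "CVE-2023-31414": ((8, 0, 0), (8, 7, 0)),
    "CVE-2023-31415": ((8, 7, 0), (8, 7, 0)),
}
FIXED = "8.7.1"  # minimum version recommended by the advisory

def parse_version(text):
    """Return (major, minor, patch). Suffixes such as -SNAPSHOT are ignored,
    so a pre-release build is conservatively treated like its release."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def cves_for(version_text):
    """List the advisory's CVEs whose affected range contains this version."""
    v = parse_version(version_text)
    return sorted(cve for cve, (lo, hi) in AFFECTED.items() if lo <= v <= hi)

def triage(inventory):
    """inventory maps host -> raw JSON status document (assumed layout:
    {"version": {"number": "x.y.z"}}). Returns host -> list of CVEs,
    or None when the version cannot be determined and needs a manual check."""
    report = {}
    for host, raw in inventory.items():
        try:
            report[host] = cves_for(json.loads(raw)["version"]["number"])
        except (ValueError, KeyError, TypeError):
            report[host] = None
    return report

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts or captured responses.
    sample = {
        "kibana-a.example": '{"version": {"number": "8.7.0"}}',
        "kibana-b.example": '{"version": {"number": "8.3.2"}}',
        "kibana-c.example": '{"version": {"number": "8.7.1"}}',
        "kibana-d.example": '{"status": "unavailable"}',
    }
    for host, cves in triage(sample).items():
        if cves is None:
            print(f"{host}: version unknown, check manually")
        elif cves:
            print(f"{host}: upgrade to {FIXED} or later ({', '.join(cves)})")
        else:
            print(f"{host}: not in an affected range")
```

Hosts reported as unknown should be checked by hand rather than assumed patched.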

References

Elastic Security Issues - https://www.elastic.co/community/security/

NVD - https://nvd.nist.gov/vuln/detail/CVE-2023-31414

NVD - https://nvd.nist.gov/vuln/detail/CVE-2023-31415