
WARNING: KIBANA VULNERABILITIES (CVE-2024-43707 & CVE-2024-43710), PATCH IMMEDIATELY!

Reference: 
Advisory #2025-21
Version: 
1.0
Affected software: 
Kibana versions from 8.0.0 up to, but not including, 8.15.0
Type: 
Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF)
CVE/CVSS: 

CVE-2024-43707: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVE-2024-43710: CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Sources

https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521

Risks

Kibana is the data visualization and dashboard front end for Elasticsearch. Elastic's recent security update for Kibana disclosed two vulnerabilities. The first, CVE-2024-43707, is an authorization flaw that allows a threat actor with a low-privileged Kibana account to read Elastic Agent policies and exfiltrate the sensitive information they contain. The second, CVE-2024-43710, is a server-side request forgery (SSRF) flaw that allows a threat actor to make the Kibana server send requests to internal hosts that are not otherwise reachable from outside.

Although no exploitation in the wild has been reported so far, affected systems should be updated promptly to version 8.15.0 to prevent abuse.

Description

CVE-2024-43707: Kibana Exposure of Sensitive Information (High Severity)

An authorization flaw in Kibana allows users who should not have access to view Elastic Agent policies. What is exposed depends on which integrations are enabled in those policies and on their versions; because integration settings are stored in the policy, the exposed data may include credentials and connection details that the agents use to reach the systems they collect from.

CVE-2024-43710: Kibana Server-Side Request Forgery (Medium Severity)

Kibana's /api/fleet/health_check API contained a server-side request forgery vulnerability: a user with read access to Fleet could make the Kibana server issue crafted requests to internal endpoints. The reachable targets are limited to endpoints served over HTTPS that return JSON, which limits, but does not remove, the value of the flaw for probing an internal network.

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing the update on vulnerable systems with the highest priority, after thorough testing. Elastic has released Kibana 8.15.0, which resolves both issues.
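A quick way to triage a fleet of Kibana instances against the affected range given above (8.0.0 up to, but not including, 8.15.0) is to read the version from each instance's GET /api/status response and compare it. The script below is an added example, not part of the CCB advisory and not Elastic's code. It assumes the status response carries the version under "version": {"number": ...} and works on constructed sample responses embedded in the script, so no live request is made; the host names are placeholders.

```python
"""Triage Kibana instances against the affected range for
CVE-2024-43707 / CVE-2024-43710: 8.0.0 <= version < 8.15.0.

Added example (not from the advisory or from Elastic). Assumes the JSON
shape of Kibana's GET /api/status response ("version": {"number": ...});
the sample responses below are constructed, not captured from real systems.
"""
import json
import re

AFFECTED_MIN = (8, 0, 0)   # first affected release, per the advisory
FIXED = (8, 15, 0)         # first fixed release, per the advisory

# MAJOR.MINOR.PATCH with an optional "-SNAPSHOT" / "+build" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text: str) -> tuple:
    """Parse a Kibana version string into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Kibana version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version: str) -> bool:
    """True when the version lies in the range the advisory marks as vulnerable."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def triage_status_response(body: str) -> dict:
    """Take the raw JSON body of GET /api/status and return a triage verdict."""
    data = json.loads(body)
    number = data["version"]["number"]
    return {"version": number, "affected": is_affected(number)}


# Constructed sample responses keyed by a placeholder host name.
SAMPLE_RESPONSES = {
    "kibana-prod-01": '{"name":"kibana-prod-01","version":{"number":"8.14.3"}}',
    "kibana-prod-02": '{"name":"kibana-prod-02","version":{"number":"8.15.0"}}',
    "kibana-legacy": '{"name":"kibana-legacy","version":{"number":"7.17.22"}}',
}


def triage_fleet(responses: dict) -> dict:
    """Map each host to True (needs the 8.15.0 update) or False."""
    return {host: triage_status_response(body)["affected"]
            for host, body in responses.items()}


if __name__ == "__main__":
    for host, affected in triage_fleet(SAMPLE_RESPONSES).items():
        print(f"{host}: {'PATCH' if affected else 'ok'}")
```

In a real run you would replace SAMPLE_RESPONSES with the bodies returned by each instance's /api/status endpoint; the version comparison itself does not change. Note that 7.x releases fall outside the range the advisory lists, but they are end of life and should not be treated as safe on that basis.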

Monitor/Detect

The CCB recommends that organizations step up their monitoring and detection capabilities to identify related suspicious activity, such as unexpected use of the Fleet APIs, so that an intrusion can be responded to swiftly.
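Both vectors in this advisory go through Kibana's Fleet API, so one concrete detection is to watch Kibana's audit log for calls to /api/fleet/health_check and for reads of agent policies by accounts that have no business reading them. The detector below is an added example, not part of the CCB advisory and not Elastic's code. It assumes Kibana audit logging is enabled and emits ECS JSON "http_request" events carrying @timestamp, url.path, http.request.method and user.name; the log lines it runs over are constructed for the example, and the admin allowlist, the burst threshold and the window are placeholders to tune per environment. A single health_check call is normal when a Fleet Server host is configured through the UI, which is why the rule looks for bursts rather than single calls.

```python
"""Flag Fleet API use matching the two vectors in the advisory, over Kibana
audit-log lines.

Added example (not from the advisory or from Elastic). Assumes ECS-shaped
'http_request' audit events with @timestamp, url.path, http.request.method
and user.name. Sample lines are constructed; FLEET_ADMINS, BURST_THRESHOLD
and BURST_WINDOW are placeholders.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

HEALTH_CHECK_PATH = "/api/fleet/health_check"      # SSRF endpoint (CVE-2024-43710)
AGENT_POLICY_PREFIX = "/api/fleet/agent_policies"  # agent policy reads (CVE-2024-43707)

FLEET_ADMINS = {"fleet-admin"}          # placeholder: users expected to read policies
BURST_THRESHOLD = 5                     # health_check calls per user ...
BURST_WINDOW = timedelta(minutes=5)     # ... within this window trigger a finding


def _timestamp(event: dict) -> datetime:
    return datetime.fromisoformat(event["@timestamp"].replace("Z", "+00:00"))


def detect(raw_lines):
    """Scan audit-log lines; return (user, reason, path) findings in log order."""
    findings = []
    recent = defaultdict(deque)  # user -> timestamps of recent health_check calls
    for raw in raw_lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        if ev.get("event", {}).get("action") != "http_request":
            continue
        user = ev.get("user", {}).get("name", "<anonymous>")
        path = ev.get("url", {}).get("path", "")
        method = ev.get("http", {}).get("request", {}).get("method", "").upper()
        when = _timestamp(ev)

        if path == HEALTH_CHECK_PATH and method == "POST":
            window = recent[user]
            window.append(when)
            while window and when - window[0] > BURST_WINDOW:
                window.popleft()
            if len(window) >= BURST_THRESHOLD:
                findings.append((user, "health_check burst", path))
                window.clear()  # report once per burst, then start counting again
        elif path.startswith(AGENT_POLICY_PREFIX) and method == "GET":
            if user not in FLEET_ADMINS:
                findings.append((user, "agent policy read by non-admin", path))
    return findings


def _event(ts: str, user: str, method: str, path: str) -> str:
    """Build one constructed audit line in the ECS shape the detector expects."""
    return json.dumps({
        "@timestamp": ts,
        "event": {"action": "http_request"},
        "http": {"request": {"method": method}},
        "url": {"path": path},
        "user": {"name": user},
        "client": {"ip": "10.0.0.42"},
    })


# Constructed sample log: one legitimate admin read, one policy read by a
# plain user, one unrelated call, a burst of five health_check calls within
# a minute, and one isolated health_check call much later.
SAMPLE_AUDIT_LINES = [
    _event("2024-08-20T10:00:00Z", "fleet-admin", "GET", "/api/fleet/agent_policies"),
    _event("2024-08-20T10:01:00Z", "analyst", "GET", "/api/fleet/agent_policies/abc123"),
    _event("2024-08-20T10:01:30Z", "analyst", "GET", "/api/status"),
] + [
    _event(f"2024-08-20T10:02:{s:02d}Z", "analyst", "POST", HEALTH_CHECK_PATH)
    for s in (0, 10, 20, 30, 40)
] + [
    _event("2024-08-20T10:20:00Z", "analyst", "POST", HEALTH_CHECK_PATH),
]

if __name__ == "__main__":
    for user, reason, path in detect(SAMPLE_AUDIT_LINES):
        print(f"{user}: {reason} ({path})")
```

On the sample data this yields two findings for the "analyst" account: the policy read and the health_check burst; the isolated call at 10:20 does not fire because the window was reset after the burst was reported. Run it over the real audit log with detect(open("kibana-audit.json")) and feed the findings into whatever alerting you already use.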

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

Patching appliances or software to the newest version protects against future exploitation, but it does not remediate a compromise that has already taken place; check for signs of prior intrusion as well.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-43707
https://nvd.nist.gov/vuln/detail/CVE-2024-43710