CVE-2024-37281

{"id": "CVE-2024-37281", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-07-30T22:15:01.923", "references": [{"url": "https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094", "tags": ["Patch", "Issue Tracking", "Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094", "tags": ["Patch", "Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Kibana donde un usuario con rol de Observador pod\u00eda provocar que una instancia de Kibana fallara al enviar una gran cantidad de solicitudes manipuladas con fines malintencionados a un endpoint espec\u00edfico."}], "lastModified": "2025-09-29T14:09:44.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F046131E-0B68-44B3-8E3A-F85FFFAB73E5", "versionEndExcluding": "7.17.23", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F1EDB3A-548A-4F37-BE27-47D23FF88908", "versionEndExcluding": "8.14.0", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}