Date of Disclosure: August 8, 2024
CVE-ID and CVSS Score: CVE-2024-37287: CVSS 9.9
Issue Name and Description: Elastic Kibana Prototype Tainting RCE Vulnerability
Asset Description: Elastic Kibana is a web-based data visualization and exploration tool that provides real-time insights into the data indexed in an Elasticsearch cluster. It is an essential component of the Elastic Stack (formerly known as the ELK Stack) and lets users create interactive dashboards, perform complex queries, and analyze large datasets through visualizations such as charts, maps, and graphs.
Vulnerability Impact: A threat actor with access to ML and Alerting connector functions and write access to internal ML indexes could trigger a prototype taint vulnerability, allowing arbitrary code execution.
Exploitation Details: The vulnerabilities stem from prototype tainting flaws in Kibana’s ML and Alerting connector. An attacker could inject malicious payloads into the internal ML indexes that are then executed on the server, allowing for remote code execution.
There are currently no public PoCs.
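The bug class named above, as an added illustration that is not Kibana's code and does not reproduce the CVE-2024-37287 code path: a recursive merge that trusts every key in a stored document, beside a hardened merge and a scanner for tainting keys. The sample document, its field names and all function names are constructed for this example.

```javascript
// Added illustration of the bug class; not Kibana code, not a PoC for the CVE.
const TAINT_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isObj = (v) => v !== null && typeof v === 'object';

// Weak form: a recursive merge that trusts every key in the stored document.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObj(source[key])) {
      if (!isObj(target[key])) target[key] = {};
      unsafeMerge(target[key], source[key]); // target['__proto__'] is Object.prototype
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened form: drops tainting keys, only descends into own properties,
// and creates prototype-less containers.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (TAINT_KEYS.has(key)) continue;
    const value = source[key];
    if (!isObj(value)) { target[key] = value; continue; }
    const own = Object.prototype.hasOwnProperty.call(target, key) && isObj(target[key]);
    if (!own) target[key] = Array.isArray(value) ? [] : Object.create(null);
    safeMerge(target[key], value);
  }
  return target;
}

// Detection: list the JSON paths of tainting keys in a stored document.
function findTaintKeys(node, path = '$', hits = []) {
  if (!isObj(node)) return hits;
  for (const key of Object.keys(node)) {
    if (TAINT_KEYS.has(key)) hits.push(`${path}.${key}`);
    findTaintKeys(node[key], `${path}.${key}`, hits);
  }
  return hits;
}

// Constructed sample document (field names are hypothetical).
const storedDoc = JSON.parse('{"job_id":"example-job","config":{"__proto__":{"tainted":"yes"}}}');

function demo() {
  const safe = safeMerge({}, storedDoc);
  const cleanBefore = ({}).tainted === undefined;
  unsafeMerge({}, storedDoc);
  const taintedAfter = ({}).tainted;
  delete Object.prototype.tainted; // undo the constructed taint
  return { hits: findTaintKeys(storedDoc), cleanBefore, taintedAfter, safeKeys: Object.keys(safe.config) };
}
```

`demo()` shows that the hardened merge leaves `Object.prototype` untouched, while the weak merge makes every plain object in the process inherit the injected property until it is deleted.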
Patch Availability: Elastic has released patches to address these vulnerabilities. Self-hosted instances should be updated immediately to the latest patched version.
Censys Perspective:
At the time of writing, Censys observes 5,183 exposed devices online.
To identify potentially vulnerable Kibana instances, the following Censys queries can be used (please note that these do not filter by version):