{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37281", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2024-06-05T14:21:14.942Z", "datePublished": "2024-07-30T21:45:36.488Z", "dateUpdated": "2024-08-02T03:50:55.963Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Kibana", "vendor": "Elastic", "versions": [{"lessThan": "7.17.23", "status": "affected", "version": "7.x", "versionType": "custom"}, {"lessThan": "8.14.0", "status": "affected", "version": "8.x", "versionType": "custom"}]}], "datePublic": "2024-07-30T21:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><span style=\"background-color: transparent;\">An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.</span></b><br>"}], "value": "An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2024-07-30T21:48:17.598Z"}, "references": [{"url": "https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094"}], "source": {"discovery": "UNKNOWN"}, "title": "Kibana Denial of Service issue", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-31T13:30:57.400309Z", "id": "CVE-2024-37281", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T13:59:39.692Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:55.963Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37281", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-31T13:30:57.400309Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T13:31:02.650Z"}}], "cna": {"title": "Kibana Denial of Service issue", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Elastic", "product": "Kibana", "versions": [{"status": "affected", "version": "7.x", "lessThan": "7.17.23", "versionType": "custom"}, {"status": "affected", "version": "8.x", "lessThan": "8.14.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-07-30T21:38:00.000Z", "references": [{"url": "https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.", "supportingMedia": [{"type": "text/html", "value": "<b><span style=\"background-color: transparent;\">An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.</span></b><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2024-07-30T21:48:17.598Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37281", "state": "PUBLISHED", "dateUpdated": "2024-07-31T13:59:39.692Z", "dateReserved": "2024-06-05T14:21:14.942Z", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "datePublished": "2024-07-30T21:45:36.488Z", "assignerShortName": "elastic"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "F046131E-0B68-44B3-8E3A-F85FFFAB73E5", "versionEndExcluding": "7.17.23", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F1EDB3A-548A-4F37-BE27-47D23FF88908", "versionEndExcluding": "8.14.0", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Kibana donde un usuario con rol de Observador pod\u00eda provocar que una instancia de Kibana fallara al enviar una gran cantidad de solicitudes manipuladas con fines malintencionados a un endpoint espec\u00edfico."}], "id": "CVE-2024-37281", "lastModified": "2025-09-29T14:09:44.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "bressers@elastic.co", "type": "Secondary"}]}, "published": "2024-07-30T22:15:01.923", "references": [{"source": "bressers@elastic.co", "tags": ["Patch", "Issue Tracking", "Vendor Advisory"], "url": "https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Issue Tracking", "Vendor Advisory"], "url": "https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "bressers@elastic.co", "type": "Secondary"}]}

{}