Kibana Prototype Pollution Vulnerability Leading to Code Injection

Vulnerability

A prototype pollution vulnerability has been identified in Kibana, affecting versions 8.16.1 through 8.17.1. Combined with unrestricted file upload and path traversal, the prototype pollution can be escalated to code injection.

Impact

Exploitation of this vulnerability allows for prototype pollution, which can lead to code injection.

Remediation

Users should upgrade to Kibana 8.16.4 or 8.17.2, or a later release. Those unable to upgrade can disable the integration assistant by setting 'xpack.integration_assistant.enabled' to 'false' in the 'kibana.yml' configuration file.
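The following is an added triage helper, not code from the advisory or from Elastic, that turns the two remediation statements above into a check a defender can run against an inventory: is the deployed version inside the affected range (8.16.1 through 8.17.1, fixed in 8.16.4 and 8.17.2, so 8.16.1 to 8.16.3 and 8.17.0 to 8.17.1 remain exposed), and does kibana.yml carry the workaround setting. It assumes kibana.yml uses flat 'key: value' lines (nested YAML is not handled) and that the integration assistant is enabled when the key is absent; the sample configuration text is constructed.

```python
"""Triage helper for the Kibana advisory above (added example, not Elastic code).

Checks a Kibana version string against the advisory's affected range and
inspects kibana.yml text for the documented workaround setting.
"""
import re

# Derived from the advisory: 8.16.1-8.17.1 affected, fixed in 8.16.4 and 8.17.2.
AFFECTED_RANGES = [
    ((8, 16, 1), (8, 16, 3)),
    ((8, 17, 0), (8, 17, 1)),
]

WORKAROUND_KEY = "xpack.integration_assistant.enabled"


def parse_version(version: str) -> tuple:
    """Parse 'major.minor.patch' into a comparable tuple of ints."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"unrecognised Kibana version: {version!r}")
    return tuple(int(part) for part in match.groups())


def is_affected_version(version: str) -> bool:
    """True if the version falls inside one of the affected ranges."""
    parsed = parse_version(version)
    return any(low <= parsed <= high for low, high in AFFECTED_RANGES)


def integration_assistant_enabled(kibana_yml_text: str) -> bool:
    """Return whether the integration assistant is enabled per kibana.yml.

    Assumption: flat 'key: value' lines only; a missing key is treated as
    enabled, since the advisory presents disabling it as an explicit step.
    """
    for raw_line in kibana_yml_text.splitlines():
        line = raw_line.split("#", 1)[0].strip()  # drop comments
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if key.strip() == WORKAROUND_KEY:
            return value.strip().strip("\"'").lower() != "false"
    return True


def assess(version: str, kibana_yml_text: str) -> tuple:
    """Classify a deployment as not_affected, mitigated or vulnerable."""
    if not is_affected_version(version):
        return ("not_affected", "version outside the advisory's affected range")
    if integration_assistant_enabled(kibana_yml_text):
        return ("vulnerable",
                "upgrade to 8.16.4 / 8.17.2 or later, or set "
                f"{WORKAROUND_KEY}: false in kibana.yml")
    return ("mitigated",
            "integration assistant disabled; upgrading is still recommended")


# Constructed sample configurations (not real deployments).
DEFAULT_YML = "server.port: 5601\nserver.host: \"0.0.0.0\"\n"
MITIGATED_YML = (
    "server.port: 5601\n"
    "# workaround from the advisory\n"
    "xpack.integration_assistant.enabled: false\n"
)

if __name__ == "__main__":
    for ver, cfg in [("8.17.0", DEFAULT_YML), ("8.17.0", MITIGATED_YML),
                     ("8.17.2", DEFAULT_YML)]:
        status, detail = assess(ver, cfg)
        print(f"Kibana {ver}: {status} ({detail})")
```

Run it against each host's version and kibana.yml; a "mitigated" result means the workaround is in place but the host should still be scheduled for the upgrade the advisory recommends.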

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 7.5
exploitability: 4.9
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.