Primary

Context

Kibana Exposure of Sensitive Information to Unauthorized Users Vulnerability

Vulnerability

Patched

A vulnerability exists in Kibana versions 8.0.0 prior to 8.15.0, allowing users without access to Fleet to view Elastic Agent policies that may contain sensitive information. This exposure depends on the integrations enabled for the Elastic Agent and their respective versions.

Impact

This vulnerability could lead to unauthorized access to sensitive information within Elastic Agent policies.

Remediation

Users are advised to upgrade to Kibana version 8.15.0.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Kibana Exposure of Sensitive Information to Unauthorized Users Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Elastic Kibana

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating