Elastic Kibana Resource Exhaustion Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Elastic Kibana versions prior to 7.17.23 and 8.14.2. The issue arises from unbounded resource allocation when handling certain requests to the '/api/log_entries/summary' endpoint. Users with read access to the Observability-Logs feature can exploit this vulnerability, potentially crashing the Kibana instance.

Impact

Exploitation of this vulnerability causes a crash of the Kibana instance, disrupting service and availability.

Remediation

Users can upgrade to Kibana versions 7.17.23 or 8.14.2 to address this vulnerability.
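
To check a fleet against the fixed releases above, the following added example (not code from Elastic or from this advisory) classifies each Kibana instance by its reported version. The host names and inventory are constructed sample data; treating majors older than 7 as affected and pre-release builds of a fixed version as unpatched are conservative assumptions, not statements from the advisory.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {7: (7, 17, 23), 8: (8, 14, 2)}
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?\s*$")

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for e.g. '8.14.1' or '8.14.2-SNAPSHOT'."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4) is not None

def is_affected(version):
    """True when the version predates the fixed release for its major branch."""
    release, prerelease = parse_version(version)
    major = release[0]
    if major not in FIXED:
        # Assumption: majors older than 7 count as "prior to 7.17.23"; newer majors postdate the fix.
        return major < min(FIXED)
    fixed = FIXED[major]
    # Assumption: a pre-release build of the fixed version may lack the fix, so flag it.
    return release < fixed or (release == fixed and prerelease)

def triage(inventory):
    """Split {host: version} into affected, fixed and unknown (unparseable) hosts."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "fixed"
        except ValueError:
            bucket = "unknown"
        report[bucket].append(host)
    return report

# Constructed sample inventory (host -> version string as reported by each instance).
INVENTORY = {
    "kibana-a.example.internal": "7.17.22",
    "kibana-b.example.internal": "7.17.23",
    "kibana-c.example.internal": "8.14.1",
    "kibana-d.example.internal": "8.14.2-SNAPSHOT",
    "kibana-e.example.internal": "8.15.0",
    "kibana-f.example.internal": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(bucket, hosts)
```

Versions are compared numerically per component, so 8.2.0 is correctly treated as older than 8.14.2.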

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.