Elastic Kibana Prototype Pollution Vulnerability Leading to Arbitrary Code Execution

A prototype pollution vulnerability in Elastic Kibana allows for arbitrary code execution through a manipulated file upload and specially crafted HTTP requests. This issue affects Kibana versions 8.15.0 and 8.16.6, as well as versions 8.17.0 to 8.17.2. In versions 8.15.0 to 8.17.1, the vulnerability can be exploited by users with the Viewer role. However, in Kibana versions 8.17.1 and 8.17.2, exploitation is limited to users with roles that include the 'fleet-all', 'integrations-all', and 'actions:execute-advanced-connectors' privileges. Notably, this vulnerability does not impact self-managed Kibana instances on Basic or Platinum licenses, but affects Kibana instances on Elastic Cloud, where the code execution is confined within the Kibana Docker container.

Impact

Exploitation of this vulnerability allows for arbitrary code execution within the Kibana Docker container on Elastic Cloud.

Remediation

Users are advised to upgrade to Kibana versions 8.16.6 or 8.17.3. For those unable to upgrade, set 'xpack.integration_assistant.enabled: false' in Kibana's configuration.