Kibana Unrestricted File Upload Vulnerability Allowing Integrity Compromise

Vulnerability

A vulnerability in Kibana versions 7.17.0 to 7.17.18 and 8.0.0 to 8.12.3 allows unrestricted file uploads. This issue enables authenticated attackers to compromise software integrity by uploading malicious files, exploiting inadequate server-side validation.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads that manipulate or replace existing files, which could in turn be used to execute malicious code or disrupt normal application operations.

Remediation

Users can upgrade to Kibana versions 7.17.19 or higher, or 8.13.0 or higher, to address this vulnerability.
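The following added example (not part of the original advisory and not Elastic code) triages a Kibana inventory against the version ranges stated above. The function names, status labels and sample inventory are assumptions made for illustration; versions the advisory does not mention are reported as "not-covered" rather than treated as safe.

```python
import re

# Version ranges exactly as the advisory states them:
# (first affected, last affected, first fixed release)
RANGES = [
    ((7, 17, 0), (7, 17, 18), (7, 17, 19)),
    ((8, 0, 0), (8, 12, 3), (8, 13, 0)),
]
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def classify(version_text):
    """Return 'affected', 'fixed', 'not-covered' or 'unparseable'."""
    m = _VERSION.match(version_text.strip())
    if not m:
        return "unparseable"
    v = tuple(int(g) for g in m.groups()[:3])
    prerelease = m.group(4) is not None
    for i, (first, last, fixed) in enumerate(RANGES):
        if first <= v <= last:
            return "affected"
        # A fixed line ends where the next affected range begins.
        ceiling = RANGES[i + 1][0] if i + 1 < len(RANGES) else None
        if v >= fixed and (ceiling is None or v < ceiling):
            # Assumption: a pre-release of the first fixed build (such as a
            # SNAPSHOT) may predate the fix, so it is not counted as fixed.
            if prerelease and v == fixed:
                return "not-covered"
            return "fixed"
    # Below 7.17.0, or 8.12.4 and later 8.12.x: the advisory is silent,
    # so flag for manual review instead of reporting it as safe.
    return "not-covered"


def triage(inventory):
    """Group a {host: version} inventory by status; hosts sorted per group."""
    groups = {}
    for host, version in inventory.items():
        groups.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "kibana-prod-1.example": "7.17.18",
    "kibana-prod-2.example": "8.13.0",
    "kibana-dev.example": "8.13.0-SNAPSHOT",
    "kibana-legacy.example": "7.16.3",
}
```
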

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.