Elastic Kibana CrowdStrike Connector Insufficiently Protected Credentials Vulnerability

A vulnerability exists in the CrowdStrike connector for Elastic Kibana, specifically in versions 7.x prior to 7.17.29, 8.x from 8.14.0 up to 8.18.7, 8.19.x from 8.19.0 up to 8.19.4, 9.0.x from 9.0.0 up to 9.0.7, and 9.1.x from 9.1.0 up to 9.1.4. This vulnerability allows for the leakage of CrowdStrike credentials. A malicious user can access cached credentials from a CrowdStrike connector in one space by creating and running a connector in another space to which they have access.

Impact

Exploitation of this vulnerability could lead to unauthorized access to cached CrowdStrike credentials from a connector in a different space.

Remediation

Users can upgrade to CrowdStrike connector versions 8.18.8, 8.19.5, 9.0.8, or 9.1.5. For users unable to upgrade, no workarounds are available.