Elastic Kibana Improper Authorization Vulnerability Allowing Privilege Escalation

Vulnerability

An improper authorization vulnerability exists in Elastic Kibana versions 7.x, 8.x (8.0.0 through 8.19.7), and 9.x (9.0.0 through 9.1.7 and 9.2.0 through 9.2.1). An authenticated user can escalate privileges by sending a crafted HTTP request that changes a document's sharing type to 'global' without having the necessary permissions. As a result, the document becomes visible to everyone in the space.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing users to gain access to documents they should not be able to share or view.

Remediation

Users can upgrade to Kibana versions 8.19.8, 9.1.8, or 9.2.2 to address this vulnerability.
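
To triage an inventory of Kibana instances against the version ranges above, a check like the following can be used. It is an added example, not code from Elastic or from this advisory's publisher. The function names are hypothetical, and ignoring build suffixes such as -SNAPSHOT is an assumption.

```python
import re

# Affected ranges exactly as listed in the advisory above (inclusive bounds).
# The third element is the fixed release the advisory names for that branch;
# None means the advisory names no fixed release on that major version.
AFFECTED = [
    ((7, 0, 0), (7, 999, 999), None),  # "7.x": every 7 release
    ((8, 0, 0), (8, 19, 7), "8.19.8"),
    ((9, 0, 0), (9, 1, 7), "9.1.8"),
    ((9, 2, 0), (9, 2, 1), "9.2.2"),
]

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch); a build suffix is ignored (assumption)."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(version):
    """Return (affected, fixed_release_or_None) for one version string."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return True, fixed
    return False, None


def triage(inventory):
    """Map host -> status; unparseable versions are flagged, never skipped."""
    report = {}
    for host, version in inventory.items():
        try:
            affected, fixed = assess(version)
        except ValueError:
            report[host] = "unknown version, check manually"
            continue
        if not affected:
            report[host] = "not in affected range"
        elif fixed:
            report[host] = f"affected, upgrade to {fixed}"
        else:
            report[host] = "affected, advisory names no fix on this major version"
    return report
```

Pass `triage` a mapping of hostname to reported Kibana version; hosts whose version string cannot be parsed are reported for manual review rather than treated as safe.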

Added: Dec 18, 2025, 11:23 PM
Updated: Dec 18, 2025, 11:23 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 1.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.