Elastic Kibana Improper Authorization Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability in Kibana related to improper authorization can lead to privilege escalation. This issue allows an authenticated user to bypass permission restrictions through a crafted HTTP request. As a result, an attacker without the 'live queries - read' permission can retrieve the list of live queries. The vulnerability affects all versions of Kibana 7.x, as well as versions from 8.0.0 prior to 8.19.6 and versions from 9.0.0 prior to 9.1.6 and 9.2.0.

Impact

Exploitation of this vulnerability could allow an authenticated user to gain unauthorized access to live query data, potentially leading to further privilege escalation or exploitation within the application.

Remediation

Users can upgrade to Kibana versions 8.19.7, 9.1.7, or 9.2.1 to address this vulnerability.
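
To check a fleet against the fixed releases above, the following added example (not part of the original advisory or Elastic's tooling) classifies reported Kibana version strings. It assumes anything older than the fixed release of its line needs the upgrade, which is stricter than the affected ranges as worded above, and that 9.0.x moves to 9.1.7; the host names and inventory are constructed.

```python
import re

# Fixed releases named in the Remediation section, per release line.
FIXED_8X = (8, 19, 7)
FIXED_9_1 = (9, 1, 7)   # assumed here to also cover 9.0.x
FIXED_9_2 = (9, 2, 1)

def parse_version(text):
    """Return (major, minor, patch); build suffixes such as -SNAPSHOT are ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(text):
    """Return (status, upgrade_target) for one reported Kibana version."""
    version = parse_version(text)
    major, minor, _ = version
    if major == 7:
        # All 7.x is listed as affected and no 7.x fix is named on the page.
        return ("affected", None)
    if major == 8:
        fixed = FIXED_8X
    elif major == 9 and minor <= 1:
        fixed = FIXED_9_1
    elif major == 9 and minor == 2:
        fixed = FIXED_9_2
    else:
        return ("not-listed", None)  # release line the advisory does not mention
    if version < fixed:
        return ("affected", ".".join(map(str, fixed)))
    return ("patched", None)

def triage(inventory):
    """Map host -> (status, target), keeping only hosts that need action or review."""
    results = {host: assess(ver) for host, ver in inventory.items()}
    return {host: r for host, r in results.items() if r[0] != "patched"}

# Constructed inventory (hypothetical hosts and versions).
INVENTORY = {
    "kibana-legacy": "7.17.28",
    "kibana-prod": "8.19.6",
    "kibana-stage": "8.19.7",
    "kibana-dev": "9.2.0",
    "kibana-lab": "9.3.0",
}

if __name__ == "__main__":
    for host, (status, target) in sorted(triage(INVENTORY).items()):
        print(f"{host}: {status}" + (f", upgrade to {target}" if target else ""))
```

Hosts reported as "not-listed" run a release line the advisory does not name and need a manual check against the vendor's notes.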

Added: Dec 18, 2025, 11:17 PM
Updated: Dec 18, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.