Elastic Kibana Improper Input Validation Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Elastic Kibana versions 8.4.0 prior to 8.19.11, as well as in the 9.x branch, specifically in versions 9.0.0 prior to 9.2.5 and 9.3.0. The issue arises from improper input validation in the internal Content Connectors search endpoint, which can be exploited through input data manipulation. This vulnerability is only applicable to users who have configured Content Connectors, as the affected endpoint is inaccessible without them.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, leading to increased resource consumption and potential service disruption.

Remediation

Users can upgrade to Kibana versions 8.19.12, 9.2.6, or 9.3.1 to address this vulnerability. For users who cannot upgrade, it is recommended to restrict access to Content Connectors by modifying user roles to exclude Kibana privileges for Content Connectors. This can be done by creating custom roles, removing the viewer role from users who do not need Content Connectors access, or implementing more granular feature-level privileges.
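
The role review described above can be scripted. The following is an added example, not code from Elastic or from this advisory: it reads role and user definitions in the shape returned by Elasticsearch's GET /_security/role and GET /_security/user and lists the accounts whose Kibana privileges could reach Content Connectors. It assumes the default Kibana application name "kibana-.kibana" and that Kibana base privileges (such as the one behind the viewer role) include Content Connectors; the feature ID is a placeholder because the advisory does not state it, and the sample data is constructed.

```python
import json
from fnmatch import fnmatchcase

KIBANA_APP = "kibana-.kibana"  # assumed default name Kibana stores its privileges under
BASE_PRIVS = {"all", "read", "space_all", "space_read", "*"}  # base grants cover all features
# Placeholder: the advisory does not give the Content Connectors feature ID.
CONNECTORS_FEATURE = "feature_<CONTENT_CONNECTORS_FEATURE_ID>"

# Constructed sample shaped like the GET /_security/role response.
SAMPLE_ROLES = json.loads("""{
  "viewer":       {"applications": [{"application": "kibana-.kibana", "privileges": ["read"], "resources": ["*"]}]},
  "dash_readers": {"applications": [{"application": "kibana-.kibana", "privileges": ["feature_dashboard.read"], "resources": ["space:default"]}]},
  "ops_wildcard": {"applications": [{"application": "*", "privileges": ["*"], "resources": ["*"]}]},
  "ingest_only":  {"applications": []}
}""")
# Constructed sample shaped like the GET /_security/user response.
SAMPLE_USERS = json.loads("""{
  "alice": {"roles": ["viewer", "ingest_only"]},
  "bob":   {"roles": ["dash_readers"]},
  "carol": {"roles": ["ops_wildcard"]}
}""")

def roles_reaching_connectors(roles, feature=CONNECTORS_FEATURE):
    """Map role name -> Kibana privileges that could include Content Connectors."""
    flagged = {}
    for name, body in roles.items():
        for app in body.get("applications", []):
            # The stored application name may be a wildcard pattern such as "*".
            if not fnmatchcase(KIBANA_APP, app.get("application", "")):
                continue
            hits = [p for p in app.get("privileges", [])
                    if p in BASE_PRIVS or p.startswith(feature + ".")]
            if hits:
                flagged.setdefault(name, []).extend(hits)
    return flagged

def users_to_review(users, flagged):
    """Map user -> flagged roles they hold (candidates for a narrower custom role)."""
    out = {}
    for user, body in users.items():
        held = sorted(r for r in body.get("roles", []) if r in flagged)
        if held:
            out[user] = held
    return out

if __name__ == "__main__":
    flagged = roles_reaching_connectors(SAMPLE_ROLES)
    for user, held in users_to_review(SAMPLE_USERS, flagged).items():
        print(f"{user}: {', '.join(held)} -> {[flagged[r] for r in held]}")
```

Roles that carry only feature-level privileges for other features, such as dash_readers in the sample, are not flagged, which is the end state the workaround aims for.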

Added: Feb 26, 2026, 6:34 PM
Updated: Feb 26, 2026, 6:34 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 2.5
exploitability: 4.5
remediation: 7.9
relevance: 3.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.