Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2024-37287

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.

  • Published: Aug 13, 2024
  • Updated: Aug 23, 2024
  • CVE: CVE-2024-37287
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
elastic / kibana 8.0.0 8.14.2
elastic / kibana 7.7.0 7.17.23