CVE-2024-43710

Published 23/01/2025 06:15 · Modified 23/01/2025 06:15

Labels: CVE-2024-43710, 2025-01-23, CWE-918, [email protected]

Essential information

Published: 23/01/2025 06:15
Modified: 23/01/2025 06:15
Author:
Creator:
CVSS: 4.3 MEDIUM (v3.1)
CISA KEV: No
CWE:
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

A server-side request forgery (SSRF) vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over HTTPS that return JSON could be accessed. This can be carried out by users with read access to Fleet.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
