Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.
CVSS Information
N/A
Vulnerability Type
权限、特权和访问控制
Vulnerability Title
Elastic Stack Kibana 安全漏洞
Vulnerability Description
Elastic Stack Kibana是美国Elastic Stack公司的一个应用系统。一个免费且开放的用户界面,能够让您对 Elasticsearch 数据进行可视化,并让您在 Elastic Stack 中进行导航。 Elastic Stack Kibana 存在安全漏洞,该漏洞源于软件中缺少对于权限的限制,对 Uptime 功能具有读取权限的用户可以修改警报规则。 具有此权限的用户将能够创建新的警报规则或覆盖现有的规则。这实际上意味着Read用户可以禁用现有的警报规则。
CVSS Information
N/A
Vulnerability Type
N/A