Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation
Vulnerability Description
Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector actions. The application attempts to process specially crafted email format, resulting in complete service unavailability for all users until manual restart is performed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Elastic Kibana Email Connector 安全漏洞
Vulnerability Description
Elastic Kibana Email Connector是荷兰Elastic公司的一个电子邮件服务连接组件。 Elastic Kibana Email Connector存在安全漏洞,该漏洞源于输入验证不当,可能导致通过特制电子邮件地址参数进行过度分配,造成服务完全不可用。
CVSS Information
N/A
Vulnerability Type
N/A