Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration
Vulnerability Description
Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an authenticated attacker with rule management privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Elastic Kibana 安全漏洞
Vulnerability Description
Elastic Kibana是Elastic公司的一个可用数据可视化仪表板软件。 Elastic Kibana存在安全漏洞,该漏洞源于服务器端检测规则管理缺少授权,可能导致经过身份验证的攻击者配置未经授权的端点响应操作。
CVSS Information
N/A
Vulnerability Type
N/A