Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope
Vulnerability Description
Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges (such as agents, agent policies, and settings management).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
带着不必要的权限执行
Vulnerability Title
Elastic Kibana Fleet 安全漏洞
Vulnerability Description
Elastic Kibana Fleet是荷兰Elastic公司的一个集中管理和监控Elastic Agent的组件。 Elastic Kibana Fleet存在安全漏洞,该漏洞源于不必要的权限执行,可能导致权限滥用和越权读取索引数据。
CVSS Information
N/A
Vulnerability Type
N/A