Kibana YAML Deserialization RCE Vulnerabilities (CVE-2024-37288/37285) and Mitigation

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Description**: - **Title**: Kibana arbitrary code execution via YAML deserialization in Amazon Bedrock Connector (ESA-2024-27) - **Description**: Kibana has a deserialization issue when attempting to parse YAML documents containing crafted payloads, which could lead to arbitrary code execution. 2. **Affected Versions**: - **Version**: Kibana version 8.15.0 3. **Solution and Mitigation**: - **Recommendation**: Users should upgrade to version 8.15.1. - **Temporary Mitigation**: - For users unable to upgrade to 8.15.1 and who must remain on 8.15.0, disable the Integration Assistant by setting `xpack.integration_assistant.enabled: false` in their `kibana.yml` configuration file. 4. **Severity**: - **CVSSv3.1**: 9.9 (Critical) 5. **CVE ID**: - **CVE-2024-37288** 6. **Kibana arbitrary code execution via YAML deserialization (ESA-2024-28)**: - **Description**: Kibana has a deserialization issue when attempting to parse YAML documents containing crafted payloads, which could lead to arbitrary code execution. - **Required Elasticsearch Index Permissions**: - `write` permission on system indices `.kibana_ingest*` - `allow_restricted_indices` flag set to `true` - **Required Kibana Permissions**: - `All` permissions granted in `Fleet` - `Read` or `All` permissions granted in `Integration` - Access to `fleet-setup` permissions via Fleet Server service account token - **Affected Versions**: Kibana versions 8.10.0 to 8.15.0 - **Solution and Mitigation**: Users should upgrade to version 8.15.1. - **Severity**: CVSSv3.1: 9.1 (Critical) 7. **CVE ID**: - **CVE-2024-37285** This information provides detailed descriptions of two distinct vulnerabilities in Kibana, including affected versions, solutions, severity levels, and CVE IDs.

Goal Reached Thanks to every supporter — we hit 100%!

Kibana YAML Deserialization RCE Vulnerabilities (CVE-2024-37288/37285) and Mitigation