
Kibana Releases Security Patch to Fix Code Injection Vulnerability

Elastic, the company behind Kibana, has released security updates to address a high-severity vulnerability tracked as CVE-2024-12556.

The flaw, titled “Kibana Prototype Pollution” in Elastic’s advisory, is a prototype pollution bug that, when chained with unrestricted file upload and path traversal, could allow an attacker to execute arbitrary code.

The vulnerability, which carries a CVSS score of 8.7 (High), impacts multiple versions of Kibana, a widely used data visualization platform.

Elastic has urged users to update to the latest patched versions to mitigate potential risks.

CVE-2024-12556: Key Details

CVE-2024-12556 is a prototype pollution flaw in Kibana’s integration assistant feature. Exploitation is possible over the network (AV:N) but requires the attacker to hold an authenticated, low-privileged Kibana account (PR:L) and to obtain interaction from another user (UI:R); the scope-changed rating (S:C) reflects that the impact extends beyond the vulnerable component itself.

A successful attack results in code injection, with a high impact on the confidentiality and integrity of data handled by the affected Kibana deployment (C:H/I:H). The published vector rates the availability impact as none (A:N).
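To make the bug class concrete, here is an added JavaScript illustration of prototype pollution in a naive recursive object merge, alongside a hardened variant. It is not Kibana’s code and does not reproduce the reported chain (the file-upload and path-traversal steps are not shown); the function names, the attacker payload and the `isAdmin` property it plants are constructed for the example.

```javascript
// Added illustration of the prototype pollution bug class. Not Kibana's code;
// unsafeMerge/safeMerge and the payload below are constructed for this example.

// Vulnerable: a naive deep merge trusts every key in the source object. When the
// source came from JSON.parse, it can carry an own property named "__proto__";
// reading target["__proto__"] yields Object.prototype, so the recursion writes
// attacker-chosen properties onto the prototype shared by every plain object.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the keys that can reach a prototype, and only recurse into
// properties the target actually owns (so an inherited object is never merged into).
const PROTOTYPE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (PROTOTYPE_KEYS.has(key)) continue; // drop prototype-reaching keys entirely
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker payload, as it would look after JSON.parse of a request body.
// "isAdmin" stands in for whatever property a gadget elsewhere in the app trusts.
const ATTACKER_PAYLOAD_JSON =
  '{"settings": {"theme": "dark"}, "__proto__": {"isAdmin": true}}';

// Merge the payload with the given function, then check whether an unrelated
// object created afterwards inherited the attacker's property. Cleans up the
// prototype so repeated runs start from a clean slate.
function prototypeGetsPolluted(mergeFn) {
  const config = {};
  mergeFn(config, JSON.parse(ATTACKER_PAYLOAD_JSON));
  const unrelated = {};
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;
  return polluted;
}

// Legitimate data must still merge correctly through the hardened function.
function safeMergeKeepsData() {
  const merged = safeMerge({ settings: { locale: 'en' } }, JSON.parse(ATTACKER_PAYLOAD_JSON));
  return merged.settings.theme === 'dark' && merged.settings.locale === 'en'
    && !Object.prototype.hasOwnProperty.call(merged, '__proto__');
}

console.log('unsafeMerge pollutes Object.prototype:', prototypeGetsPolluted(unsafeMerge)); // true
console.log('safeMerge pollutes Object.prototype:  ', prototypeGetsPolluted(safeMerge));   // false
```

The key-denylist alone is not a complete defence in real code (a merge into `Object.create(null)` targets, or schema validation that rejects unexpected keys before any merge, are the more robust patterns), but it shows the property every prototype pollution fix has to enforce: attacker-controlled keys must never be allowed to select an inherited object as the write target.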

Affected Products

The vulnerability affects the following Kibana versions:

Product    Affected Versions    Patched Versions
Kibana     8.16.1 to 8.17.1     8.16.4, 8.17.2, or later

Elastic strongly recommends that users on affected versions upgrade to 8.16.4, 8.17.2, or a later release to address the security flaw.

For organizations unable to upgrade immediately, Elastic has outlined a temporary mitigation: disable the vulnerable integration assistant feature by adding the following setting to the kibana.yml configuration file and restarting Kibana so the change takes effect:

xpack.integration_assistant.enabled: false

This measure prevents exploitation of the affected feature but is not a substitute for upgrading to a patched version.

Severity and Impact

  • Severity Score: 8.7 (High)
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

This vulnerability poses a significant risk to organizations running affected Kibana versions, since an authenticated low-privileged user, with interaction from another user, could achieve code injection in Kibana.

Recommendations

  1. Update Immediately: Elastic advises users of Kibana versions 8.16.1 through 8.17.1 to upgrade to version 8.16.4 or 8.17.2 as soon as possible.
  2. Apply Mitigation Temporarily: For customers unable to upgrade, disable the integration assistant feature using the provided configuration.
  3. Monitor and Audit Systems: Organizations should monitor Kibana access logs, apply least-privilege permissions to Kibana users (the flaw requires only a low-privileged account), and conduct regular security audits to reduce risk.
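The three recommendations above are the triage an administrator runs across a fleet: find the version, decide whether it is in the affected range, and confirm the mitigation where the upgrade is pending. As an added example (not Elastic’s tooling), the JavaScript below does that from a Kibana version string, such as the `version.number` field returned by Kibana’s `GET /api/status` endpoint, and from a kibana.yml fragment. The version ranges are the ones stated in this article; the sample kibana.yml is constructed; and the assumption that an absent `xpack.integration_assistant.enabled` setting leaves the feature enabled follows from the advisory’s instruction to add it.

```javascript
// Added triage helper for CVE-2024-12556. Not Elastic's code; the version ranges
// are the ones stated in the advisory summary above, and the sample kibana.yml
// fragment is constructed.

// First affected release and, per affected minor line, the first patched release.
const FIRST_AFFECTED = [8, 16, 1];
const FIRST_PATCHED_BY_LINE = {
  '8.16': [8, 16, 4],
  '8.17': [8, 17, 2],
};

// Parse "major.minor.patch" (a pre-release suffix such as "-SNAPSHOT" is ignored).
function parseVersion(versionString) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(versionString).trim());
  if (!m) throw new Error(`unrecognised Kibana version: ${versionString}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version lies in an affected line and precedes that line's fix.
// A naive range test 8.16.1 <= v <= 8.17.1 would wrongly flag 8.16.4, which is
// why the check is done per minor line.
function isAffected(versionString) {
  const v = parseVersion(versionString);
  if (compareVersions(v, FIRST_AFFECTED) < 0) return false;
  const fixed = FIRST_PATCHED_BY_LINE[`${v[0]}.${v[1]}`];
  if (!fixed) return false; // other minor lines are not listed as affected
  return compareVersions(v, fixed) < 0;
}

// True when kibana.yml sets xpack.integration_assistant.enabled to false.
// Assumption: an absent setting leaves the feature enabled, which is what the
// advisory's instruction to add the setting implies. Deliberately minimal YAML
// handling: one top-level "key: value" per line, "#" comments stripped.
function mitigationApplied(kibanaYml) {
  for (const raw of kibanaYml.split('\n')) {
    const line = raw.replace(/#.*$/, '').trim();
    const m = /^xpack\.integration_assistant\.enabled\s*:\s*(\S+)$/.exec(line);
    if (m) return m[1].replace(/^["']|["']$/g, '').toLowerCase() === 'false';
  }
  return false;
}

// Combine both checks into one verdict for an instance.
function assess(versionString, kibanaYml) {
  if (!isAffected(versionString)) return 'not in affected range';
  return mitigationApplied(kibanaYml) ? 'mitigated (upgrade still required)' : 'vulnerable';
}

// Constructed sample inputs.
const SAMPLE_KIBANA_YML = [
  '# constructed kibana.yml fragment',
  'server.port: 5601',
  'xpack.integration_assistant.enabled: false  # temporary mitigation',
].join('\n');

for (const [version, yml] of [
  ['8.16.0', ''],
  ['8.16.3', ''],
  ['8.16.4', ''],
  ['8.17.1', SAMPLE_KIBANA_YML],
  ['8.17.2', ''],
]) {
  console.log(`Kibana ${version}: ${assess(version, yml)}`);
}
```

The per-line comparison matters because the two fixed releases sit in different minor lines: a single inclusive range from 8.16.1 to 8.17.1 would report the patched 8.16.4 as affected. The mitigation check is intentionally a verdict of "upgrade still required", matching the advisory's position that the configuration change is temporary.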

Elastic’s swift response emphasizes its commitment to security, but the incident highlights the importance of proactive patch management within organizations.

The advisory provides additional details for administrators and security teams to implement the recommended fixes.


Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
