CVE Vulnerabilities

CVE-2024-37279

Published: Jun 13, 2024 | Modified: Oct 03, 2024

CVSS 3.x

4.3

MEDIUM

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS 2.x

RedHat/V2

RedHat/V3

4.3 MODERATE

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-37279
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries.

Affected Software

Name	Vendor	Start Version	End Version
Kibana	Elastic	8.6.3 (including)	8.14.0 (excluding)

References

https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.