A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.
References
| Link | Resource |
|---|---|
| https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Mar 2022, 15:26
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:elastic:kibana:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* |
|
| First Time |
Elastic kibana
Elastic |
|
| CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.3 |
| CWE | CWE-862 | |
| References | (MISC) https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447 - Vendor Advisory |
03 Mar 2022, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-03 22:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-23709
Mitre link : CVE-2022-23709
CVE.ORG link : CVE-2022-23709
JSON object : View
Products Affected
elastic
- kibana