First published: Thu Mar 03 2022
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.
Credit: bressers@elastic.co
Affected Software | Affected Version | How to fix |
---|---|---|
Elastic Kibana | >=7.7.0 <7.17.1 | |
Elastic Kibana | =8.0.0 | |
CVE-2022-23709 is a vulnerability in Kibana that allows users with Read access to the Uptime feature to modify alerting rules.
CVE-2022-23709 has a severity rating of medium with a CVSS score of 4.3.
CVE-2022-23709 affects Elastic Kibana versions from 7.7.0 up to, but not including, 7.17.1, and version 8.0.0.
Users with Read access to the Uptime feature should upgrade to a version of Elastic Kibana beyond 7.17.1 or version 8.0.0.
You can find more information about CVE-2022-23709 at the following link: https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447