Ikakavas

**Name of the Vulnerable Software and Affected Versions** Kibana versions prior to 8.19.10 Kibana versions prior to 9.1.10 Kibana versions prior to 9.2.4 **Description** An issue exists in Kibana where External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors. The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads. The vulnerability affects Kibana deployments globally and could allow authenticated users with connector privileges to read sensitive files and potentially steal secrets. **Recommendations** Kibana versions prior to 8.19.10 should be upgraded to version 8.19.10 or later. Kibana versions prior to 9.1.10 should be upgraded to version 9.1.10 or later. Kibana versions prior to 9.2.4 should be upgraded to version 9.2.4 or later.

**Name of the Vulnerable Software and Affected Versions** Elasticsearch (affected versions not specified) **Description** A flaw exists in the PKI realm authentication process within Elasticsearch. This issue allows a malicious actor to impersonate users by presenting a specially crafted client certificate signed by a trusted Certificate Authority. Successful exploitation requires the attacker to possess such a certificate. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kibana versions 8.15.0 through 8.17.2 **Description** Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users that have roles that contain all the following privileges: fleet-all, integrations-all, actions:execute-advanced-connectors. Over 198,000 exposed instances have been spotted. **Recommendations** For Kibana versions 8.15.0 through 8.17.2, update to version 8.17.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable module and limiting user privileges to minimize the risk of exploitation. Avoid using crafted file uploads and HTTP requests until the issue is resolved.