CVE-2023-31414

Name of the Vulnerable Software and Affected Versions Kibana versions 8.0.0 through 8.7.0

Description The issue is an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Recommendations For Kibana versions 8.0.0 through 8.7.0, update to a version that contains a fix for this issue to prevent arbitrary code execution. As a temporary workaround, consider restricting write access to Kibana yaml or env configuration to minimize the risk of exploitation.