CVE-2023-31415

Name of the Vulnerable Software and Affected Versions Kibana version 8.7.0

Description The issue is an arbitrary code execution flaw. An attacker with all privileges to the Uptime/Synthetics feature could send a request to execute JavaScript code, potentially leading to the execution of arbitrary commands on the host system with the permissions of the Kibana process.

Recommendations For Kibana version 8.7.0, consider disabling the Uptime/Synthetics feature until a patch is available to prevent potential exploitation. Restrict access to the feature to minimize the risk of arbitrary code execution.