CVE-2024-37285

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html assigned to them. The following Elasticsearch indices permissions are required * write privilege on the system indices .kibana_ingest* * The allow_restricted_indices flag is set to true Any of the following Kibana privileges are additionally required * Under Fleet the All privilege is granted * Under Integration the Read or All privilege is granted * Access to the fleet-setup privilege is gained through the Fleet Server’s service account token

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*

History

01 Oct 2025, 18:36

Type	Values Removed	Values Added
CPE		cpe:2.3:a:elastic:kibana::::::::
First Time		Elastic kibana Elastic
References	~~() https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119 -~~	() https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119 - Patch, Vendor Advisory

Information

Published : 2024-11-14 17:15

Updated : 2025-10-01 18:36

NVD link : CVE-2024-37285

Mitre link : CVE-2024-37285

CVE.ORG link : CVE-2024-37285

JSON object : View

Products Affected

elastic

kibana

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-37285", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-11-14T17:15:06.457", "references": [{"url": "https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119", "tags": ["Patch", "Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv \u00a0and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html \u00a0assigned to them.\n\n\n\nThe following Elasticsearch indices permissions are required\n\n * write\u00a0privilege on the system indices .kibana_ingest*\n * The allow_restricted_indices\u00a0flag is set to true\n\n\nAny of the following Kibana privileges are additionally required\n\n * Under Fleet\u00a0the All\u00a0privilege is granted\n * Under Integration\u00a0the Read\u00a0or All\u00a0privilege is granted\n * Access to the fleet-setup\u00a0privilege is gained through the Fleet Server\u2019s service account token"}, {"lang": "es", "value": "Un problema de deserializaci\u00f3n en Kibana puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario cuando Kibana intenta analizar un documento YAML que contiene un payload manipulado. Un ataque exitoso requiere que un usuario malintencionado tenga una combinaci\u00f3n de privilegios espec\u00edficos de \u00edndices de Elasticsearch https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv y privilegios de Kibana https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html asignados a ellos. Se requieren los siguientes permisos de \u00edndices de Elasticsearch * privilegio de escritura en los \u00edndices del sistema .kibana_ingest* * El indicador allow_restricted_indices est\u00e1 configurado en verdadero Cualquiera de los siguientes privilegios de Kibana tambi\u00e9n se requiere * En Fleet, se otorga el privilegio All * En Integration, se otorga el privilegio Read o All * El acceso al privilegio de configuraci\u00f3n de la flota se obtiene a trav\u00e9s del token de cuenta de servicio del servidor Fleet"}], "lastModified": "2025-10-01T18:36:35.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A43056B3-82DB-47C7-83C9-79C1E628221C", "versionEndIncluding": "8.15.0", "versionStartIncluding": "8.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}