Summary
Elastic NV is releasing security updates to address multiple vulnerabilities, including one with a severity of “critical” and one with a severity of “high,” affecting Fleet Server and Kibana products. These vulnerabilities, if exploited, could allow an attacker to access sensitive information on the target systems.
Risk
Estimate of the impact of the vulnerability on the reference community: High (65.38)
Type
- Information Disclosure
Affected products and/or versions
- Kibana 8.x, versions prior to 8.15.0
- Fleet Server, versions from 8.13.0 up to, but not including, 8.15.0
Mitigation actions
In line with the vendor's statements, it is recommended to update the vulnerable products following the guidance in the security bulletins listed in the References section.
Below are only the CVEs related to the vulnerabilities with a severity of “critical” and “high”:
References
https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521
https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522
1 This estimate takes into account several parameters, including CVSS, the availability of patches/workarounds and PoC, and the diffusion of the affected software/devices in the reference community.