CRITICAL · CVE-2024-37287 · CVSS 9.1

Kibana: arbitrary code execution via prototype pollution

Platform

nodejs

Component

kibana

Fixed versions

7.17.23, 8.14.2

AI Confidence: high · NVD · EPSS 0.9% · Reviewed: May 2026

CVE-2024-37287 describes a critical remote code execution (RCE) vulnerability discovered in Kibana. This flaw allows an attacker with specific privileges to execute arbitrary code on the Kibana server. The vulnerability affects Kibana versions 7.7.0 through 7.17.23 and 8.14.2. A fix has been released, requiring users to upgrade to a patched version.

Impact and attack scenarios

The impact of CVE-2024-37287 is severe. A successful exploit allows an attacker to execute arbitrary code within the Kibana environment, potentially gaining complete control over the server. This could lead to data breaches, system compromise, and further lateral movement within the network. The vulnerability hinges on access to Kibana's ML and Alerting connector features, combined with write access to internal ML indices, making it particularly concerning for organizations heavily utilizing these features. The prototype pollution mechanism, while complex, provides a reliable attack vector once these prerequisites are met. This vulnerability shares similarities with other prototype pollution attacks, highlighting the importance of secure coding practices in JavaScript-based applications.

Exploitation context

CVE-2024-37287 was publicly disclosed on August 13, 2024. The vulnerability's complexity might initially limit widespread exploitation, but the availability of a public proof-of-concept could accelerate adoption by malicious actors. The EPSS score is likely to be assessed as medium to high, given the critical CVSS score and potential for significant impact. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting Kibana instances.

Who is at risk

Organizations heavily reliant on Kibana's ML and Alerting connector features are at the highest risk. This includes security operations centers (SOCs) using Kibana for threat detection and incident response, and businesses leveraging Kibana for data visualization and analytics. Environments with misconfigured permissions granting write access to internal ML indices are particularly vulnerable.

Detection steps

• nodejs / server: Monitor Kibana logs for errors or unusual activity related to ML and Alerting connectors. Look for patterns indicative of prototype pollution attempts.

journalctl -u kibana -f | grep -i 'prototype pollution'

• generic web: Check Kibana endpoints for unexpected behavior or responses. Use curl to probe for potential vulnerabilities.

curl -v http://kibana_host/api/ml/connectors

• wordpress / composer / npm: (Not applicable, Kibana is not a WordPress plugin)

• database (mysql, redis, mongodb, postgresql): (Not applicable, Kibana does not directly interact with these databases in a vulnerable way)

Attack timeline

  1. Disclosure

  2. Patch

Threat intelligence

Exploitation status

Proof of concept: unknown
CISA KEV: NO
Internet exposure: (not stated)

EPSS

0.85% (75th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical impact: total

CVSS vector

CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H · 9.1 CRITICAL

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: High (authentication level needed to attack)
User Interaction: None (whether the victim must act)
Scope: Changed (impact beyond the affected component)
Confidentiality: High (risk of sensitive data disclosure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?

Attack Vector
Network: exploitable remotely over the internet with no physical or local access required. Largest attack surface.
Attack Complexity
Low: no special conditions required; the vulnerability can be exploited reliably.
Privileges Required
High: an administrator or otherwise privileged account is required.
User Interaction
None: the attack is automatic and silent; the victim needs to take no action.
Scope
Changed: the attack can reach beyond the vulnerable component and affect other systems.
Confidentiality
High: total loss of confidentiality; the attacker can read all data.
Integrity
High: the attacker can write, modify or delete any data.
Availability
High: complete crash or resource exhaustion; full denial of service.

Affected software

Component: kibana
Vendor: Elastic
Affected range: 7.7.0, 8.0.0 – 7.17.23, 8.14.2
Fixed versions: 7.17.23, 8.14.2

Weakness classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigations and workarounds

The primary mitigation for CVE-2024-37287 is to upgrade Kibana to a patched version. Elastic has released versions 7.17.23 and 8.14.2 that address this vulnerability. If immediate upgrade is not feasible, consider implementing temporary workarounds. Restricting access to the ML and Alerting connector features, and limiting write access to internal ML indices, can significantly reduce the attack surface. While not a complete fix, this can buy time until a full upgrade can be performed. Monitor Kibana logs for any unusual activity related to ML or Alerting connectors. Consider implementing a Web Application Firewall (WAF) with rules to detect and block prototype pollution attempts. After upgrading, confirm the fix by attempting to trigger the vulnerability using known exploitation techniques and verifying that the code execution is prevented.
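An added example (not Kibana's or Elastic's code) of the two defensive pieces the detection and mitigation sections describe: a request-body check that reports keys able to reach Object.prototype, the kind of rule a WAF or Node.js middleware would apply, and a deep merge that drops those keys so a polluted document cannot change shared object behaviour. The sample body is constructed; the function names are my own.

```javascript
// Keys that let a nested JSON object climb the prototype chain.
const POLLUTION_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Walk a parsed JSON document and return the JSON path of every
// dangerous key, e.g. "$.settings.__proto__". Empty array means clean.
function findPollutionKeys(value, path = "$", found = []) {
  if (Array.isArray(value)) {
    value.forEach((v, i) => findPollutionKeys(v, `${path}[${i}]`, found));
  } else if (value !== null && typeof value === "object") {
    for (const key of Object.keys(value)) {
      const here = `${path}.${key}`;
      if (POLLUTION_KEYS.has(key)) found.push(here);
      // An own "__proto__" data property shadows the accessor, so this
      // reads the attacker-supplied subtree rather than the prototype.
      findPollutionKeys(value[key], here, found);
    }
  }
  return found;
}

// Deep-merge `source` into `target`. Nested containers are created with a
// null prototype and pollution keys are skipped, so nothing in `source`
// can reach Object.prototype through the merge.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (POLLUTION_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      if (typeof target[key] !== "object" || target[key] === null) {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample: a plausible job document carrying a polluted subtree.
// JSON.parse keeps "__proto__" as an own property, which is why naive
// recursive merges are the usual sink for this bug class.
const SAMPLE_BODY = JSON.parse(
  '{"name":"job-1","settings":{"__proto__":{"isAdmin":true}},"tags":["a"]}'
);

// Gatekeeper a middleware would call: true only when the body is clean.
function isBodyClean(body) {
  return findPollutionKeys(body).length === 0;
}
```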

Remediation

Update Kibana to 7.17.23 or 8.14.2 or later. These releases contain the fix for the prototype pollution vulnerability, and updating removes the risk of arbitrary code execution.


Frequently asked questions

What is CVE-2024-37287 — RCE in Kibana?

CVE-2024-37287 is a critical remote code execution vulnerability in Kibana versions 7.7.0–7.17.23 and 8.14.2, allowing attackers to execute arbitrary code with proper access.

Am I affected by CVE-2024-37287 in Kibana?

If you are running Kibana versions 7.7.0 through 7.17.23 or 8.14.2 and have users with access to ML and Alerting connectors and write access to internal ML indices, you are potentially affected.

How do I fix CVE-2024-37287 in Kibana?

Upgrade Kibana to version 7.17.23 or 8.14.2. As a temporary workaround, restrict access to ML/Alerting connectors and limit write access to internal ML indices.

Is CVE-2024-37287 being actively exploited?

While active exploitation is not yet confirmed, the vulnerability's severity and public disclosure increase the likelihood of exploitation. Monitor threat intelligence feeds for updates.

Where can I find the official Kibana advisory for CVE-2024-37287?

Refer to the Elastic Security blog post detailing the vulnerability: https://www.elastic.co/blog/security-update-cve-202437287
