Kibana Fleet 中不正确的授权导致信息泄露

CVE-2026-33460 影响 Kibana，可能导致通过特权滥用进行跨空间信息泄露。 Kibana 中一个空间的 Fleet 代理管理权限的用户可以通过内部注册端点从其他空间检索 Fleet Server 策略详细信息。 这是由于空间范围访问控制的失败造成的，因为内部端点使用非范围客户端，从而绕过访问限制。 此漏洞会泄露用户没有直接访问权限的空间中的操作标识符、策略名称、管理状态和基础设施链接详细信息。 CVSS 4.3 分数表明存在中等风险，需要及时采取措施以减轻潜在的未经授权访问。 这可能导致敏感配置数据的泄露，并可能影响运营安全。

Organizations heavily reliant on Kibana's Fleet management capabilities, particularly those with complex Kibana deployments involving multiple spaces and varying levels of user access, are at increased risk. Shared hosting environments where multiple users share a Kibana instance are also particularly vulnerable, as a compromised user in one space could potentially access data from other spaces.

• nodejs / server: Monitor Kibana logs for requests to the internal enrollment endpoint that originate from users with Fleet agent management privileges but lack authorization for the target space. Use grep to search for patterns indicating unauthorized access attempts.

grep 'internal_enrollment_endpoint' /var/log/kibana/*

• nodejs / server: Examine Kibana's internal network traffic using tools like tcpdump or Wireshark to identify suspicious communication patterns related to the enrollment endpoint. • wordpress / composer / npm: (Not applicable - Kibana is not a WordPress plugin or Node.js package) • database (mysql, redis, mongodb, postgresql): (Not applicable - Kibana does not directly interact with these databases for this vulnerability) • generic web: Monitor Kibana's access logs for unusual patterns of requests targeting the internal enrollment endpoint, particularly from users with Fleet agent management privileges.

1. 2026-04-08Disclosure

   disclosure

1. 已保留2026-03-20
2. 发布日期2026-04-08
3. 修改日期2026-04-09
4. EPSS 更新日期2026-04-16

CVE-2026-33460 的解决方案是将 Kibana 升级到 9.3.3 或更高版本。 此更新解决了允许对 Fleet Server 策略详细信息进行未经授权访问的授权漏洞。 我们强烈建议尽快应用更新，尤其是在数据安全至关重要的环境中。 此外，请审查 Kibana 空间权限配置，以确保用户只能访问他们需要的资源。 监控与受影响的内部端点相关的 Kibana 日志中的可疑活动。 补丁应用和权限审查是保护 Kibana 环境的关键步骤。