Elastic Patches Critical Kibana Flaw Allowing Code Execution
Kibana provides essential visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create various types of plots and charts, making it a powerful tool for data analysis. However, this power comes with a price - a critical flaw in Kibana that could be exploited by attackers to gain arbitrary code execution.
An attacker could exploit this vulnerability by uploading a specially crafted file and using specifically crafted HTTP requests. This is made possible due to the "Prototype Pollution" vulnerability in JavaScript applications, which allows an attacker to manipulate an object's prototype, leading to unexpected behavior, security issues, or even remote code execution.
The flaw impacts all software versions from 8.15.0 up to, but not including, 8.17.3. However, its effects vary depending on the user role. In Kibana versions >= 8.15.0 and < 8.17.1, users with the Viewer role are vulnerable to this exploit. On the other hand, in Kibana versions 8.17.1 and 8.17.2, only users with specific privileges, such as fleet-all, integrations-all, and actions:execute-advanced-connectors, can be affected.
The company has addressed the flaw with the release of version 8.17.3. For users who cannot upgrade, Elastic recommends setting xpack.integration_assistant.enabled: false in Kibana's configuration as a mitigation measure.
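The version ranges, role conditions and mitigation setting above can be turned into a triage check for a fleet of Kibana instances. The following is an added example, not code from Elastic or from this article; the function names, the role-map input and the choice to flag a role holding any one of the named privileges are assumptions, and only the flat dotted form of the config key is parsed.

```javascript
// Added example, not Elastic's code. Ranges, role and setting come from the article.
const NAMED_PRIVS = ['fleet-all', 'integrations-all', 'actions:execute-advanced-connectors'];

// "8.17.1" or "8.17.1-SNAPSHOT" -> [8, 17, 1]; null when malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Three-way comparison of two parsed versions.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// True when kibana.yml text sets the mitigation key to false. Assumption: the
// flat dotted key form is used; a nested YAML layout needs a real YAML parser.
function assistantDisabled(ymlText) {
  let disabled = false;
  for (const line of ymlText.split(/\r?\n/)) {
    // Anchoring at line start skips commented-out settings.
    const m = /^\s*xpack\.integration_assistant\.enabled\s*:\s*([^#\s]+)/.exec(line);
    if (m) disabled = m[1].replace(/["']/g, '').toLowerCase() === 'false';
  }
  return disabled;
}

// roles: { roleName: [privilege, ...] } (hypothetical export of your role definitions).
function assess(version, ymlText, roles) {
  const v = parseVersion(version);
  if (!v) return { status: 'unknown-version', roles: [] };
  if (cmp(v, [8, 15, 0]) < 0 || cmp(v, [8, 17, 3]) >= 0) return { status: 'not-affected', roles: [] };
  if (assistantDisabled(ymlText)) return { status: 'mitigated', roles: [] };
  // Before 8.17.1 the article names the Viewer role as sufficient.
  if (cmp(v, [8, 17, 1]) < 0) return { status: 'affected', roles: ['Viewer'] };
  // 8.17.1 and 8.17.2: flag roles holding any named privilege (conservative assumption).
  const flagged = Object.keys(roles).filter((r) => roles[r].some((p) => NAMED_PRIVS.includes(p)));
  return { status: 'affected', roles: flagged };
}

// Constructed sample input: the mitigation line is commented out, so it does not count.
const sampleYml = '# xpack.integration_assistant.enabled: false\nserver.port: 5601\n';
console.log(assess('8.17.2', sampleYml, { ops: ['fleet-all'], ro: ['read'] }));
```

A "mitigated" result still means the instance runs an affected build and should be upgraded to 8.17.3.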
This critical patch highlights the importance of keeping software up to date and staying vigilant about security vulnerabilities. As always, we urge our readers to follow best practices for securing their systems and staying informed about emerging threats.