101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We allow posts of up to 2048 characters.


#kibana


Elastic has published a security advisory for a CVSSv3 9.9 rated RCE in Kibana versions 8.15.0 to 8.17.2. The access required varies depending on the version; see the post below.

Kibana version 8.17.3 has been released to address this vulnerability.

Note: Elastic indicates that the vulnerability is tracked as CVE-2025-25012 which is currently unlisted in the NIST NVD. NIST does seem to track this as CVE-2025-25015.

runzero.com/blog/elastic-kiban

nvd.nist.gov · NVD - CVE-2025-25012

#Visualpath offers #sitereliabilityengineering Online Training in Bangalore with expert-led, job-oriented training and real-time projects. Our SRE Certification Course includes daily recorded sessions, 24/7 access, and resume preparation support. Enroll now or call +91-7032290546 for a free demo!
🌐 Visit: visualpath.in/online-site-reli
👉 WhatsApp: wa.me/c/917032290546
🌐 Visit Blog: visualpathblogs.com/category/s

#Visualpath, a leading #sitereliabilityengineering Training Online in Bangalore, offers expert-led courses with real-time projects. Get Daily Recorded Sessions for Reference and 24/7 Access to Recorded Sessions for flexible learning. Our SRE online courses are globally accessible in the USA, UK, Canada, Dubai, and Australia. Enroll now or call +91-7032290546 for a free demo!
Visit: visualpath.in/online-site-reli

Critical Kibana Vulnerability - Arbitrary Code Execution via YAML Deserialization

Date: September 5, 2024

CVE: CVE-2024-37285

Vulnerability Type: Deserialization of Untrusted Data

CWE: [[CWE-502]]

Sources: Elastic Security Advisory

Synopsis

CVE-2024-37285 impacts Kibana versions 8.10.0 to 8.15.0, where a deserialization flaw allows remote code execution if an attacker injects malicious YAML payloads. This vulnerability requires that an attacker has elevated Elasticsearch and Kibana privileges.

Issue Summary

The vulnerability arises from improper YAML deserialization within Kibana. A malicious actor can craft a YAML payload and execute arbitrary code, provided they have specific Elasticsearch index and Kibana privileges. This issue affects Kibana from versions 8.10.0 through 8.15.0 and is critical due to its ease of exploitation and the potential for widespread impact.

Technical Key Findings

Attackers exploit this flaw by submitting a specially crafted YAML document that Kibana deserializes without proper validation. Once the malicious code is parsed, it can run on the server with elevated privileges, enabling arbitrary code execution.

The attacker must have the following Elasticsearch indices permissions:

  • Write access to the system indices .kibana_ingest*
  • The allow_restricted_indices flag needs to be set to true

The attacker must also have ANY of the following Kibana privileges:

  • Under Fleet the All privilege is granted
  • Under Integration the Read or All privilege is granted
  • Access to the fleet-setup privilege is gained through the Fleet Server’s service account token

Vulnerable Products

  • Kibana versions 8.10.0 to 8.15.0.

Impact Assessment

Successful exploitation could allow an attacker to execute arbitrary commands, leading to a complete system compromise. This could affect confidentiality, integrity, and availability, making it a high-risk issue for organizations relying on Kibana for data visualization and exploration.

Patches or Workaround

Upgrading to Kibana version 8.15.1 resolves this vulnerability. Additionally, limiting access to Elasticsearch indices and restricting Kibana privileges reduces exposure.

Tags

#CVE-2024-37285 #Kibana #ArbitraryCodeExecution #YAML #Deserialization #ElasticStack #CyberSecurity

Discuss the Elastic Stack · Kibana 8.15.1 Security Update (ESA-2024-27, ESA-2024-28)
Kibana arbitrary code execution via YAML deserialization in Amazon Bedrock Connector (ESA-2024-27). A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools and have configured an Amazon Bedrock connector. Affected Versions: Kibana version 8.15.0. Solutions and Mitigations: Users should upgrade to version 8.15.1. For Users tha...
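A defender-side check for what the two advisory posts above state (the CVE-2025-25012 post and the CVE-2024-37285 post): which affected range a Kibana version falls into, and which Elasticsearch roles satisfy the index-side precondition of write access to .kibana_ingest* with allow_restricted_indices set. This is an added example, not code from Elastic or from either poster; it assumes role definitions in the shape returned by Elasticsearch's GET _security/role API, uses `.kibana_ingest` as a probe name for the restricted index pattern, and the sample roles are constructed.

```python
import fnmatch

# Affected ranges and fix versions as stated in the two posts above.
AFFECTED_RANGES = [
    ("CVE-2024-37285", (8, 10, 0), (8, 15, 0), "8.15.1"),
    ("CVE-2025-25012", (8, 15, 0), (8, 17, 2), "8.17.3"),
]
# Elasticsearch index privileges that permit writing documents.
WRITE_PRIVILEGES = {"all", "write", "index", "create", "create_doc"}
# Probe name standing in for the restricted system index the advisory names (assumption).
PROBE_INDEX = ".kibana_ingest"


def parse_version(v):
    """'8.15.0' -> (8, 15, 0); a '-SNAPSHOT' style suffix is ignored."""
    return tuple(int(p) for p in v.split("-")[0].split("."))


def affected_cves(version):
    """CVE ids whose affected range contains this Kibana version."""
    ver = parse_version(version)
    return [cve for cve, lo, hi, _ in AFFECTED_RANGES if lo <= ver <= hi]


def risky_roles(roles):
    """Names of roles (dict from GET _security/role) that can write to
    .kibana_ingest* with allow_restricted_indices set, i.e. meet the
    Elasticsearch side of the CVE-2024-37285 preconditions."""
    hits = []
    for name, role in roles.items():
        for grant in role.get("indices", []):
            if not grant.get("allow_restricted_indices", False):
                continue
            covers = any(fnmatch.fnmatchcase(PROBE_INDEX, p)
                         for p in grant.get("names", []))
            if covers and WRITE_PRIVILEGES & set(grant.get("privileges", [])):
                hits.append(name)
                break
    return hits


# Constructed sample in the shape of GET _security/role output (not real roles).
SAMPLE_ROLES = {
    "fleet_writer": {"indices": [{"names": [".kibana_ingest*"], "privileges": ["write"], "allow_restricted_indices": True}]},
    "wide_admin": {"indices": [{"names": ["*"], "privileges": ["all"], "allow_restricted_indices": True}]},
    "log_reader": {"indices": [{"names": ["logs-*", ".kibana_ingest*"], "privileges": ["read"], "allow_restricted_indices": True}]},
    "app_writer": {"indices": [{"names": ["*"], "privileges": ["write"], "allow_restricted_indices": False}]},
}

if __name__ == "__main__":
    print(affected_cves("8.15.0"), risky_roles(SAMPLE_ROLES))
```

Roles flagged here are candidates for review against the Kibana-side privileges the post lists (Fleet All, Integration Read/All, fleet-setup), since both sides are needed.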

It feels laughably complex for what I'm working on, but I'm really liking this #logging stack of #OpenTelemetry, #Jaeger, #ElasticSearch, and #Kibana. OpenTelemetry's spans are really cool, and you get a lot out of the box with the auto-instrumentation (automatic spans for supported libraries like Postgresql and Nextjs). Attaching properties to spans is the cherry on top.

I'm not super happy with how the logs show up on Kibana, you end up with a weird nested query syntax. But it works!

The City of #CapeTown #DataScience branch is hiring again - this time a senior data analyst: linkedin.com/jobs/view/3641137

Our data analysts spend about 45% of their time doing statistical wizardry, 45% pushing graphs in front of people and tapping them repeatedly until they pay attention, and 10% of time making our open source BI tools (#ApacheSuperset, #Kibana) do things no one knew they could.

Please feel free to reach out at <my firstname>.<my surname>@capetown.gov.za with any questions!