Kibana Vulnerabilities

This vulnerability allows an attacker with specific permissions in Kibana to read any file on the server and potentially make unauthorized requests to other servers. To exploit this, the attacker must be an authenticated user with the ability to execute workflows.

This vulnerability allows an attacker to overload the Kibana service, causing it to become unresponsive, effectively leading to a Denial of Service. It can be exploited by sending specially crafted input data to the Timelion component, which means that the attacker needs to have access to the Kibana interface to trigger the issue.

This vulnerability allows an attacker to cause Kibana to crash or become unresponsive by sending specially crafted input that triggers excessive processing in the system's regular expressions. To exploit this, the attacker needs access to the AI Inference Anonymization Engine, which may be exposed through user inputs or API calls.

This vulnerability allows an attacker to crash the Kibana service by sending specially crafted input to its search feature, which can overwhelm the system. To exploit this, the attacker needs access to the internal Content Connectors endpoint, making it critical to secure that part of the application.

An attacker with view-only access to Kibana can exploit this vulnerability to send specially crafted data that overwhelms the system, causing it to crash or become unresponsive. This means that even users who are not fully authorized can disrupt the service by manipulating input data.