WARNING: KIBANA VULNERABILITIES (CVE-2024-43707 & CVE-2024-43710), PATCH IMMEDIATELY!

Published : 29/01/2025

Reference:
Advisory #2025-21

Version:
1.0

Affected software:
Kibana versions from 8.0.0 and before 8.15.0

Type:
Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF)

CVE/CVSS:
CVE-2024-43707: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVE-2024-43710: CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Sources

https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521

Risks

Kibana is a data visualization dashboard software for Elasticsearch. In a recent security update, two vulnerabilities were disclosed. The first vulnerability, ‘CVE-2024-43707’, is an unauthorized access flaw that could allow threat actors to exfiltrate sensitive information stored within Elastic Agent policies. The second vulnerability, ‘CVE-2024-43710’, is an SSRF flaw that could allow threat actors to send requests to internal devices.

Even though there are no reports of these vulnerabilities being exploited in the wild, affected systems should be patched promptly to version 8.15.0 to prevent potential abuse.

Description

CVE-2024-43707: Kibana Exposure of Sensitive Information (High Severity)

A vulnerability in Kibana allows unauthorized actors to view Elastic Agent policies, potentially exposing sensitive information. The exact nature of the exposed data depends on the enabled integrations and their versions, but it could include sensitive configuration details.

CVE-2024-43710: Kibana Server-Side Request Forgery (Medium Severity)

Kibana’s /api/fleet/health_check API contained a server-side request forgery vulnerability. The flaw allows users with read access to Fleet to send crafted requests to internal endpoints. Only endpoints available over HTTPS that return JSON could be accessed.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing. Kibana version 8.15.0 resolves both issues.

Monitor/Detect

The CCB recommends that organizations increase their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
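As an added example (not part of this advisory or of Kibana), the two recommended actions above in script form: a check of a Kibana instance's version against the affected range (from 8.0.0 and before 8.15.0) and a filter that pulls requests to the /api/fleet/health_check endpoint out of access logs for review. It assumes a Kibana /api/status response shaped like {"version": {"number": "..."}} and nginx "combined"-style reverse-proxy log lines; the status body and log lines below are constructed.

```python
"""Defensive helpers for Advisory #2025-21 (Kibana CVE-2024-43707 / CVE-2024-43710).

Added example, not the advisory's own tooling. Assumptions:
  - Kibana's /api/status JSON carries the version at ["version"]["number"]
  - access logs are nginx "combined" style (sample lines below are constructed)
"""
import json
import re

AFFECTED_MIN = (8, 0, 0)   # affected from 8.0.0 ...
FIXED = (8, 15, 0)         # ... and before 8.15.0, which resolves both CVEs
SSRF_ENDPOINT = "/api/fleet/health_check"  # endpoint named in CVE-2024-43710

def parse_version(text):
    """Turn '8.14.3' (or '8.14.3-SNAPSHOT') into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in text.split("-")[0].split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])

def is_affected(version_text):
    """True when the version lies inside [8.0.0, 8.15.0)."""
    return AFFECTED_MIN <= parse_version(version_text) < FIXED

def status_is_affected(status_json):
    """Apply is_affected to the JSON body returned by GET /api/status (assumed shape)."""
    return is_affected(json.loads(status_json)["version"]["number"])

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def find_health_check_requests(log_lines):
    """Return (ip, timestamp, method, path, status) for each request to the health_check endpoint."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group("path").split("?")[0] == SSRF_ENDPOINT:
            hits.append(tuple(m.group(k) for k in ("ip", "ts", "method", "path", "status")))
    return hits

# Constructed sample data: an affected instance and two calls to the SSRF endpoint.
SAMPLE_STATUS = '{"name": "kibana-1", "version": {"number": "8.14.3"}}'
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Jan/2025:10:01:02 +0100] "GET /api/status HTTP/1.1" 200 512',
    '10.0.0.7 - - [29/Jan/2025:10:03:15 +0100] "POST /api/fleet/health_check HTTP/1.1" 200 97',
    '10.0.0.7 - - [29/Jan/2025:10:03:16 +0100] "POST /api/fleet/health_check HTTP/1.1" 200 97',
    '10.0.0.9 - - [29/Jan/2025:10:04:00 +0100] "GET /app/dashboards HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print("instance affected:", status_is_affected(SAMPLE_STATUS))
    for hit in find_health_check_requests(SAMPLE_LOG):
        print("health_check request:", hit)
```

A hit on the endpoint is not proof of abuse, since Fleet itself calls it; the value is in correlating who called it, how often, and whether the instance was still on an affected version at the time.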

References

https://nvd.nist.gov/vuln/detail/CVE-2024-43707
https://nvd.nist.gov/vuln/detail/CVE-2024-43710