Reference:
Advisory #2023-51
Version:
1.0
Affected software:
CVE-2023-31414: Kibana versions 8.0.0 to 8.7.0
CVE-2023-31415: Kibana version 8.7.0 (No other versions are affected)
Type:
Improper Control of Generation of Code ('Code Injection')
CVE/CVSS:
CVE-2023-31414, CVE-2023-31415
Kibana - https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330
CVE-2023-31414: An attacker who has write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to an attacker executing arbitrary commands on the host system with permissions of the Kibana process.
CVE-2023-31415: An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to an attacker executing arbitrary commands on the host system with permissions of the Kibana process.
Kibana is data visualisation dashboard software for Elasticsearch and is commonly used to display data from Elasticsearch. The combination of Elasticsearch, Logstash and Kibana is known as the Elastic Stack or ELK stack. Kibana can display all data output by Elasticsearch.
If an attacker successfully exploits CVE-2023-31414 or CVE-2023-31415, the attacker could gain access to the entire system on which the Kibana software is running. The attacker can then run arbitrary commands with the same rights as the user who is running Kibana. If the Kibana instance is running within a Docker container, the code execution is limited to the Kibana Docker container.
Since Kibana is used to visualise data, successfully exploiting CVE-2023-31414 or CVE-2023-31415 also allows access to all logs that the Kibana instance has access to.
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible to at least version 8.7.1 and analyse system and network logs for any suspicious activity.
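To help prioritise patching, the following added example (not part of the CCB advisory or Elastic's code) maps the version reported by each Kibana instance to the CVEs listed above. It assumes the version is read from the `version.number` field of a saved Kibana status response; the host names and JSON samples are constructed.

```python
import json
import re

# Affected ranges as stated in this advisory (inclusive bounds).
AFFECTED = {
    "CVE-2023-31414": ((8, 0, 0), (8, 7, 0)),
    "CVE-2023-31415": ((8, 7, 0), (8, 7, 0)),
}
FIXED = "8.7.1"  # minimum version recommended by the advisory

def parse_version(text):
    """Return (major, minor, patch); build suffixes such as -SNAPSHOT are ignored."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def applicable_cves(version_text):
    """List the advisory's CVEs whose affected range contains this version."""
    v = parse_version(version_text)
    return sorted(cve for cve, (lo, hi) in AFFECTED.items() if lo <= v <= hi)

def triage(inventory):
    """inventory: {host: status JSON text}. Returns {host: (version, [cves])}."""
    report = {}
    for host, raw in inventory.items():
        try:
            number = json.loads(raw)["version"]["number"]
            report[host] = (number, applicable_cves(number))
        except (ValueError, KeyError, TypeError):
            # Unparseable or incomplete response: never report it as safe.
            report[host] = (None, ["UNKNOWN: check manually"])
    return report

# Constructed sample inventory (hypothetical hosts, trimmed status responses).
SAMPLE = {
    "kibana-a": '{"version": {"number": "8.7.0"}}',
    "kibana-b": '{"version": {"number": "8.6.2"}}',
    "kibana-c": '{"version": {"number": "8.7.1"}}',
    "kibana-d": '<html>502 Bad Gateway</html>',
}

if __name__ == "__main__":
    for host, (version, cves) in triage(SAMPLE).items():
        action = f"upgrade to {FIXED} or later" if cves else "not in affected range"
        print(f"{host}: {version} -> {', '.join(cves) or 'none'} ({action})")
```

A host whose response cannot be parsed is flagged for manual review instead of being treated as unaffected.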
If you have already identified an intrusion or incident, please report it via: https://ccb.belgium.be/cert/report-incident.
Elastic Security Issues - https://www.elastic.co/community/security/