An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.


Assigner: [email protected]

CWE: CWE-601

  • elastic kibana 8.14.0


CVSS version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability score: 2.8

Impact score: 2.7

Can you explain the CVE description?

This CVE description is for a vulnerability identified as CVE-2024-23442 in Kibana. The vulnerability is an open redirect issue, where a user could be redirected to a malicious website if they click on a specially crafted URL in Kibana. The Common Vulnerabilities and Exposures (CVE) ID for this issue is bc5e9a72-f6a8-4ab4-8d7b-4591f30b86c0. The CVE system provides a reference method for publicly known information-security vulnerabilities and exposures.

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree as one step in a larger attack scenario. For example, an attacker could exploit the open redirect issue in Kibana to trick a user into clicking on a maliciously crafted URL that appears to be legitimate. Once the user clicks on the URL, they could be redirected to a phishing website or a site hosting malware, leading to potential data theft or compromise of the user's system. This vulnerability could be used as an initial entry point in a larger attack chain, allowing the attacker to gain a foothold in the target system and carry out further malicious activities.
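The redirect step in such a chain is what CWE-601 mitigations remove. The following is an added example, not Kibana's code or Elastic's fix: a redirect-target check that accepts only same-origin paths, plus a helper that flags logged request URLs carrying an off-site target. The origin `kibana.example.internal`, the parameter name `next` and the sample URLs are assumptions constructed for illustration; the page does not say which parameter is affected.

```javascript
// Added example (not from the Kibana code base): CWE-601 redirect validation.
const BASE = 'https://kibana.example.internal'; // constructed placeholder origin

// True only for a path-absolute target that stays on the application's origin.
function isSafeRedirect(target, base = BASE) {
  if (typeof target !== 'string' || target.length === 0) return false;
  // Browsers strip tabs/newlines and treat "\" like "/", so reject both outright.
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return false;
  // Require "/path"; "//host" is a scheme-relative URL that leaves the site.
  if (!target.startsWith('/') || target.startsWith('//')) return false;
  let resolved;
  try {
    resolved = new URL(target, base);
  } catch {
    return false;
  }
  return resolved.origin === new URL(base).origin;
}

// Use the requested target only if it is safe, otherwise a fixed landing page.
function resolveRedirect(target, fallback = '/') {
  return isSafeRedirect(target) ? target : fallback;
}

// Flag logged request URLs whose redirect parameter points off-site.
// `param` is a hypothetical parameter name.
function auditRequestUrls(urls, param = 'next') {
  return urls.filter((u) => {
    const value = new URL(u, BASE).searchParams.get(param); // percent-decoded
    return value !== null && !isSafeRedirect(value);
  });
}

// Constructed sample request lines, as they might appear in a proxy access log.
const SAMPLE_URLS = [
  '/login?next=%2Fapp%2Fhome',
  '/login?next=%2F%2Fevil.example%2Fphish',
  '/login?next=https%3A%2F%2Fevil.example',
  '/app/discover',
];

console.log(auditRequestUrls(SAMPLE_URLS));
```
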

Generated on: 2024-07-01