CVE-2025-37728
Unknown
Unknown - Not Provided
BaseFortify
Description
Description
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elastic | kibana | 7.17.29 |
| elastic | kibana | 9.1.0 |
| elastic | kibana | 9.0.0 |
| elastic | kibana | 8.19.4 |
| elastic | kibana | 8.14.0 |
| elastic | kibana | 9.1.4 |
| elastic | kibana | 9.0.7 |
| elastic | kibana | 7.0 |
| elastic | kibana | 8.19.0 |
| elastic | kibana | 8.18.7 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves insufficient protection of credentials in the Crowdstrike connector. A malicious user who has access to a certain space can create and run a Crowdstrike connector there and thereby access cached Crowdstrike credentials from another space, leading to credential leakage.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to Crowdstrike credentials, potentially allowing attackers to misuse these credentials to gain further access or perform malicious actions within the affected environment.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70