vulnerability

Elastic Kibana: CVE-2023-31414: Improper Control of Generation of Code

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	May 4, 2023	Sep 3, 2025	Sep 3, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

May 4, 2023

Added

Sep 3, 2025

Modified

Sep 3, 2025

Description

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Solution

elastic-kibana-upgrade-latest

References

CWE-94
CVE-2023-31414
https://attackerkb.com/topics/CVE-2023-31414
URL-https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330
URL-https://www.elastic.co/community/security/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today