vulnerability

Elastic Kibana: CVE-2024-43707: Exposure of Sensitive Information to an Unauthorized Actor

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:C/I:N/A:N)	Jan 23, 2025	Sep 3, 2025	Oct 1, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:N/A:N)

Published

Jan 23, 2025

Added

Sep 3, 2025

Modified

Oct 1, 2025

Description

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.

Solution

elastic-kibana-upgrade-latest

References

CWE-200
CVE-2024-43707
https://attackerkb.com/topics/CVE-2024-43707
URL-https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today