CVE-2024-43707
Published: 23 January 2025
Summary
CVE-2024-43707 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Elastic Kibana. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 25.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2024-43707 is a vulnerability in Kibana that allows a user without access to Fleet to view Elastic Agent policies, potentially exposing sensitive information. The content of this sensitive information varies based on the enabled integrations for the Elastic Agent and their versions. The issue is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) with a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N), indicating high confidentiality impact, low attack complexity, and low privileges required.
An authenticated user with low privileges (PR:L) who lacks Fleet access can exploit this vulnerability over the network without user interaction. Successful exploitation grants unauthorized read access to Elastic Agent policies, enabling the attacker to obtain sensitive data contained within those policies, depending on the specific integrations and versions in use.
The Elastic Security Advisory, detailed in the referenced forum post at https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521, addresses this issue as part of Kibana 8.15.0 security updates (ESA-2024-29 and ESA-2024-30), providing patches for mitigation. Security practitioners should apply these updates promptly to affected Kibana deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-40289
Vulnerability details
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The authorization bypass in the Kibana web application directly enables exploitation of a public-facing application (T1190) for unauthorized retrieval of sensitive policy data (T1005).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) (AI)
Enforces approved authorizations for logical access, directly preventing unauthorized low-privileged users from viewing sensitive Elastic Agent policies in Kibana.
Requires timely identification, reporting, and correction of flaws like CVE-2024-43707 through patching Kibana to 8.15.0 or later.
Restricts access to the least privileges necessary, ensuring users without Fleet access cannot view associated sensitive policies.