EIQ-2024-0001

ID

EIQ-2024-0001

CVE

CVE-2024-37287

Description

Kibana versions earlier than 8.14.2 and 7.17.23 contain an arbitrary code execution flaw

Date

8 Aug 2024

Severity

4 - CRITICAL

CVSSv3 score

9.9

Status

⏲ IC 2.14, 3.0, 3.1, 3.2, 3.3

Assessment

Elastic issued a critical security advisory ESA-2024-22, stating that the following Kibana versions are vulnerable to arbitrary code execution via prototype pollution:

  • Earlier than 8.14.2

  • Earlier than 7.17.23

For more information on the vulnerability, go to Elastic’s advisory: ESA-2024-22

The following Intelligence Center (IC) versions bundle affected versions of Kibana:

  • IC 2.14: Elasticsearch, Logstash, and Kibana (ELK) 7.16.3

  • IC 3.0, 3.1: ELK 7.17.8

  • IC 3.2, 3.3: ELK 8.8.0

Customers using these IC versions should upgrade Elasticsearch, Kibana, and Logstash to 7.17.23 or 8.14.2 as soon as they are available.

EclecticIQ will inform customers when an upgrade path is available.

Meanwhile, customers can mitigate the issue by disabling the Machine Learning API in their Elasticsearch cluster. For more information, see Mitigation.

Mitigation

You can mitigate this issue on existing IC instances that deploy affected versions of Kibana by disabling the Elasticsearch Machine Learning API.

To do this on an IC deployment:

  1. Open a terminal session and SSH into the Elasticsearch host.

    If you have a multi-node Elasticsearch cluster, you must perform this on all master-eligible nodes. If you have used the IC installation playbooks to deploy your instance, you must do this on all Elasticsearch nodes.

  2. Edit the /etc/eclecticiq-elasticsearch/elasticsearch.yml file.

  3. Set the xpack.ml.enabled property to false.

  4. Save, and restart Elasticsearch and Kibana on the node. Run as root:

    systemctl restart elasticsearch
    systemctl restart kibana
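Steps 2 and 3 above can be scripted so the change is safe to re-run. The following is an added example, not EclecticIQ tooling: it replaces any existing xpack.ml.enabled entry instead of appending a second one (Elasticsearch refuses to start on a duplicate settings key), assumes the flat dotted-key form of the setting, and edits only a constructed copy of the file.

```shell
#!/bin/sh
# Added example, not EclecticIQ tooling: apply the advisory's mitigation step
# (xpack.ml.enabled: false) to an elasticsearch.yml so that re-running it is safe.
# Appending the key blindly can leave two xpack.ml.enabled entries, and Elasticsearch
# refuses to start on a duplicate settings key, so existing entries are replaced.
# Assumes the flat dotted-key form; a nested "xpack:" mapping is refused for manual edit.
set -eu

# Print the active value of xpack.ml.enabled in FILE, or "unset" if absent.
ml_enabled_setting() {
    awk '
        /^[[:space:]]*xpack\.ml\.enabled[[:space:]]*:/ {
            sub(/^[^:]*:[[:space:]]*/, ""); sub(/[[:space:]]*(#.*)?$/, ""); val = $0; found = 1
        }
        END { print (found ? val : "unset") }
    ' "$1"
}

# Rewrite FILE so xpack.ml.enabled appears exactly once, set to false. Returns 1 and
# leaves FILE untouched when the setting uses the nested YAML form.
disable_ml_api() {
    file=$1
    if grep -q '^xpack:' "$file"; then
        echo "refusing: $file uses a nested xpack: mapping, edit it by hand" >&2
        return 1
    fi
    tmp=$(mktemp)
    awk '
        # drop every active or commented-out occurrence of the key ...
        /^[[:space:]]*#?[[:space:]]*xpack\.ml\.enabled[[:space:]]*:/ { next }
        { print }
        # ... then append the single hardened setting
        END { print "xpack.ml.enabled: false" }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"   # write in place to keep the file's owner and mode
    rm -f "$tmp"
}

# Constructed stand-in for /etc/eclecticiq-elasticsearch/elasticsearch.yml; on a real
# node run disable_ml_api against that path, then restart elasticsearch and kibana.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cluster.name: eiq-ic
#xpack.ml.enabled: false
xpack.ml.enabled: true   # default on x-pack builds
EOF
disable_ml_api "$sample"
ml_enabled_setting "$sample"   # false
rm -f "$sample"
```

Because the edit is idempotent, the same script can be pushed to every Elasticsearch node in a multi-node cluster without first checking each file by hand.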
    

Affected versions

All IC installations using Kibana versions earlier than 8.14.2 or 7.17.23

Notes

N/A