heise PlusAbo
Anzeige

Security update: Malware vulnerability threatens Kibana analysis platform

In current versions, the Kibana developers have solved a dangerous security problem.

listen Print view
A sign with the words "Time to update"

(Image: Artur Szczybylo/Shutterstock.com)

1 min. read
Security
By

The Kibana analysis platform is vulnerable in various installation variants. If attacks are successful, malicious code can get onto systems. The developers have now closed the security gap.

Closing the malicious code loophole

In a post, those responsible write that on-premises installations are specifically at risk. The description reads as if attackers could execute malicious code in the host's operating system after a successful attack.

Videos by heise

Docker installations via Elastic Cloud are also under threat. In these cases, the execution of malicious code should be restricted to the Docker container due to the seccomp-bpf protection mechanism, according to the developers.

The developers state that they have closed the"critical" vulnerability (CVE-2024-37287) in Kibana versions 7.17.23 and 8.14.2. All previous versions are said to be vulnerable.

(des)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten