Security update: Malware vulnerability threatens Kibana analysis platform
In current versions, the Kibana developers have solved a dangerous security problem.
(Image: Artur Szczybylo/Shutterstock.com)
The Kibana analysis platform is vulnerable in various installation variants. If attacks are successful, malicious code can get onto systems. The developers have now closed the security gap.
Closing the malicious code loophole
In a post, those responsible write that on-premises installations are specifically at risk. The description reads as if attackers could execute malicious code in the host's operating system after a successful attack.
Docker installations via Elastic Cloud are also under threat. In these cases, the execution of malicious code should be restricted to the Docker container due to the seccomp-bpf protection mechanism, according to the developers.
The developers state that they have closed the"critical" vulnerability (CVE-2024-37287) in Kibana versions 7.17.23 and 8.14.2. All previous versions are said to be vulnerable.
(des)
