QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-23709

Back to search

CVE-2022-23709

Published: Mar 3, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.

VendorProductVersions

Elastic

kibana

affected
Versions 7.7.0 through 7.17.0, and 8.0.0

Weaknesses (CWE)

CWE-264

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now