Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HElastic Kibana
APPElastic≤ 5.2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2019-7609CRITICAL10.0⚠ KEVten sam produkt
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...
CVE-2025-25014CRITICAL9.1PL ✓ten sam produkt
Prototype Pollution w Kibana prowadzące do RCE przez HTTP
CVE-2025-25015CRITICAL9.9PL ✓ten sam produkt
Prototype Pollution w Elastic Kibana umożliwia zdalne wykonanie kodu (RCE)
CVE-2024-37285CRITICAL9.1PL ✓ten sam produkt
RCE przez deserializację YAML w Elastic Kibana
CVE-2024-37288CRITICAL9.9PL ✓ten sam produkt
Deserializacja YAML w Kibana umożliwia zdalne wykonanie kodu (RCE)