The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Arbitrary Code Injection vulnerabilities in an interactive lesson.
Start learningUpgrade kibana
to version 8.7.1 or higher.
kibana is an open source (Apache Licensed), browser-based analytics and search dashboard for Elasticsearch.
Affected versions of this package are vulnerable to Arbitrary Code Injection such that an attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.
Note:
This issue does not affect Kibana instances running on Elastic Cloud as the payload required to trigger this vulnerability cannot be set in Kibana’s configuration.
This issue affects Kibana instances running on Elastic Cloud Enterprise (ECE) but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape is prevented by seccomp-bpf
and AppArmor profiles.
This issue affects Kibana instances running on Elastic Cloud on Kubernetes (ECK) but the code execution is limited within the Kibana Docker container. Further exploitation such as container escape can be prevented by seccomp-bpf
when configured and supported (Kubernetes v1.19 and later).