CVE-2024-23442

6.1 MEDIUM

📋 TL;DR

This CVE describes an open redirect in Kibana: a specially crafted Kibana URL sends the browser that loads it on to an attacker-chosen external site. Any user who follows such a link is affected; the attacker needs no Kibana credentials, but the victim does have to click, so the vulnerability requires user interaction.

💻 Affected Systems

Products:
  • Kibana
Versions: 8.x before 8.14.0; 7.x before 7.17.22
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Kibana deployments with affected versions are vulnerable regardless of configuration.

📦 What is this software?

Kibana is the browser-based front end of the Elastic Stack: the UI for searching, visualising and managing data held in Elasticsearch, and the host for Elastic's security and observability apps. It normally listens on TCP 5601 and is often reachable by an entire organisation, which is what makes a redirect issued from its hostname convincing in a phish.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.

🟠

Likely Case

Attackers use crafted links in phishing campaigns to redirect users to malicious sites for credential harvesting or social engineering.

🟢

If Mitigated

With the fix applied, or a proxy stripping off-host redirects, the crafted link lands on Kibana itself and the campaign fails. Awareness training alone helps less than usual here, because the link really does point at your Kibana hostname, which is exactly the check users are taught to make; it reduces successful redirects but does not eliminate them.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Open redirects need no technical skill to use once the vulnerable parameter is known: the attacker only has to send a link, and because the link carries your Kibana hostname it passes the casual domain check most users rely on. They are a staple of credential-phishing campaigns for that reason.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kibana 8.14.0, 7.17.22

Vendor Advisory: https://discuss.elastic.co/t/kibana-8-14-0-7-17-22-security-update/361502

Restart Required: Yes

Instructions:

  1. Back up kibana.yml and take an Elasticsearch snapshot: Kibana's saved objects (dashboards, spaces, alerting rules) live in Elasticsearch system indices, not on the Kibana host.
  2. Upgrade within your current release line: 7.17.x deployments go to 7.17.22, 8.x deployments to 8.14.0 or later. Kibana must not be newer than the Elasticsearch cluster it connects to, so upgrade Elasticsearch first if it is behind.
  3. Install the new Kibana package or archive from elastic.co and restart the Kibana service.
  4. Confirm the running instance reports 8.14.0 or later, or 7.17.22 (see How to Verify below).

🔧 Temporary Workarounds

Input Validation Proxy (applies to: all)

Put a reverse proxy or WAF in front of Kibana that rewrites or drops 3xx responses whose Location header points off-host, and blocks requests whose query string carries an absolute (scheme://) or protocol-relative (//) URL. This only helps if the redirect is issued server-side: a redirect performed by Kibana's front-end JavaScript never produces a Location header the proxy can see, and the advisory does not say which kind this is, so treat the proxy as defence in depth rather than a fix.

User Awareness Training (applies to: all)

Train users to verify URLs before clicking and to report suspicious Kibana links. Be clear about the limit: the link in an open-redirect phish genuinely points at your Kibana host, so "check that the domain is ours" will not catch it; what users can notice is the unfamiliar site they land on afterwards.
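The following is an added illustration of the bug class, not Kibana's code and not the endpoint this CVE concerns (the advisory does not describe it). It shows the open-redirect pattern next to the kind of URL validation the workaround above refers to; the "next" parameter name and the fallback path are assumptions, and the rejected cases are the standard bypasses of a naive "starts with /" check:

```python
"""Added example, not Kibana's code: the open-redirect pattern and a hardened
alternative that only follows paths on the current origin."""
from urllib.parse import urlsplit, urlunsplit

FALLBACK = "/app/home"  # assumed landing page; use whatever your app uses


def redirect_target_unsafe(next_param: str) -> str:
    """Vulnerable pattern: whatever arrives in a 'next'-style parameter is
    echoed straight into the Location header, so '//evil.example' leaves the site."""
    return next_param or FALLBACK


def is_safe_redirect(target: str) -> bool:
    """Accept only an absolute path on this origin, e.g. '/app/discover?x=1'.

    Each rejected form below is a known way to smuggle an external destination
    past a check that only asks whether the value starts with '/'.
    """
    if not target or target[0] != "/":
        return False  # 'https://evil.example', 'javascript:...', 'evil.example/x'
    if len(target) > 1 and target[1] in "/\\":
        return False  # '//evil.example' and '/\\evil.example' are scheme-relative to browsers
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False  # backslashes, tabs and newlines are normalised away before navigation
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc  # the parser agrees it is a bare path


def redirect_target_safe(next_param: str) -> str:
    """Hardened: validate, then rebuild the value from its parsed components so
    the string sent in Location is exactly the one that was checked."""
    if not is_safe_redirect(next_param):
        return FALLBACK
    p = urlsplit(next_param)
    return urlunsplit(("", "", p.path, p.query, p.fragment))


if __name__ == "__main__":
    for probe in ["/app/discover?x=1", "//evil.example/sso", "/\\evil.example", "https://evil.example/"]:
        print(f"{probe!r:30} unsafe -> {redirect_target_unsafe(probe)!r:28} safe -> {redirect_target_safe(probe)!r}")
```

If a deployment legitimately needs to redirect to other hosts (an SSO provider, say), extend the check with an explicit allow-list of hostnames compared after parsing, never with a substring or prefix match on the raw string.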

🧯 If You Can't Patch

  • Do not rely on Content Security Policy: CSP controls what a page may load and where forms may submit, but no shipped directive restricts the destination of an HTTP 3xx Location header, so it does nothing against a server-side open redirect.
  • Reduce who can reach Kibana at all (VPN, IP allow-list, SSO in front); the crafted link only works for someone whose browser can load your Kibana host.
  • Monitor Kibana and reverse-proxy access logs for 3xx responses with an external Location and for requests carrying absolute URLs in query parameters, and alert on them.

🔍 How to Verify

Check if Vulnerable:

Check the Kibana version via the web interface (Help menu) or the status API. Compare within your release line: 8.x below 8.14.0 is vulnerable, and 7.x below 7.17.22 is vulnerable, which includes every 7.16 and earlier release; those lines are out of support and will not receive the fix.

Check Version:

curl -s -u "$KBN_USER:$KBN_PASS" "http://localhost:5601/api/status" | jq -r '.version.number'

Use https:// and your real hostname if TLS is enabled. With Kibana security on, /api/status requires credentials unless status.allowAnonymous is set; the -u flag can be dropped otherwise.

Verify Fix Applied:

After patching, confirm the reported version is 8.14.0 or later (8.x line) or 7.17.22 (7.17 line). The advisory does not publish the affected endpoint or parameter, so there is no supported request to replay as a functional test; if you run a reverse proxy that rewrites off-host redirects, exercise your own documented redirect flows and confirm external Location values are rewritten.
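As an added example (not Elastic's tooling), here is the version comparison from the two paragraphs above written out, because the two fixes live on different branches and a single "below 8.14.0" test gets 7.17.22 wrong. It can read the version from the status API the same way the curl one-liner does; the host, credentials and script name are assumptions:

```python
"""Added example, not from Elastic: classify a Kibana version string against the
CVE-2024-23442 fix versions, optionally reading it from GET /api/status."""
import json
import re
import sys
import urllib.request
from base64 import b64encode
from typing import Optional, Tuple

# Fixed releases named in the advisory, keyed by major version.
FIXED = {8: (8, 14, 0), 7: (7, 17, 22)}


def parse_version(text: str) -> Tuple[int, int, int]:
    """'8.13.4', 'v7.17.21' or '8.13.4-SNAPSHOT' -> (8, 13, 4)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return major, minor, patch


def is_vulnerable(version: str) -> bool:
    """True when the version predates the fix for its own release line.

    A plain 'is it below 8.14.0' comparison is wrong: 7.17.22 is below 8.14.0
    yet fixed, while 7.17.21 is fixed by neither release. Anything in 9.x or
    later was cut after the fix; anything older than 7.x is end-of-life and
    falls under the advisory's 'before 7.17.22'.
    """
    v = parse_version(version)
    fix = FIXED.get(v[0])
    if fix is None:
        return v[0] < 7
    return v < fix


def fetch_version(base_url: str, user: Optional[str] = None,
                  password: Optional[str] = None, timeout: float = 10.0) -> str:
    """Read version.number from Kibana's status API (your own host and credentials)."""
    req = urllib.request.Request(f"{base_url.rstrip('/')}/api/status")
    if user is not None:
        token = b64encode(f"{user}:{password or ''}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["version"]["number"]


if __name__ == "__main__":
    # usage: python kbn_check.py 8.13.4
    #        python kbn_check.py http://localhost:5601 USER PASSWORD
    arg = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:5601"
    if arg.startswith("http"):
        arg = fetch_version(arg, *sys.argv[2:4])
    print(f"Kibana {arg}: {'VULNERABLE to CVE-2024-23442' if is_vulnerable(arg) else 'fixed'}")
```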

📡 Detection & Monitoring

Log Indicators:

  • 3xx responses from Kibana whose Location header is an absolute (scheme://) or protocol-relative (//) URL on a host other than Kibana itself
  • Requests whose query string carries a full URL, a //host value, or the percent-encoded forms %3A%2F%2F and %2F%2F
  • A burst of such requests from one client with different parameter names, which is what probing for the redirecting parameter looks like

Network Indicators:

  • The redirect is followed by the victim's browser, not by the Kibana server, so outbound connections from the Kibana host itself are not an indicator of this bug; look instead at web-proxy or DNS egress logs for user endpoints reaching unfamiliar external domains immediately after a request to the Kibana host
  • 3xx responses from the Kibana host with external URLs in Location, as seen by a reverse proxy or network sensor

SIEM Query:

Splunk-style pseudo-query; adapt the field names to your proxy or Kibana HTTP log source and substitute your own Kibana hostname for kibana.example.internal:

source="kibana.log" AND status IN (301, 302, 303, 307, 308) AND (location="http://*" OR location="https://*" OR location="//*") AND NOT location="*://kibana.example.internal/*"
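The detection logic behind the indicators and query above, as an added example run over constructed access-log lines (it is not Elastic's code, and the log format, field names, "/login" path and "next" parameter are placeholders, since the advisory does not name the affected endpoint). It flags two things independently: a 3xx whose Location leaves the site, and any request whose query string smuggles an external URL, whatever the response code was:

```python
"""Added example, not from Elastic or Kibana: flag open-redirect indicators in
access-log records from a reverse proxy in front of Kibana.

The log format, field names, '/login' path and 'next' parameter are constructed
for the example; the advisory does not name the affected endpoint or parameter."""
import json
from typing import Dict, List
from urllib.parse import parse_qsl, urlsplit

KIBANA_HOSTS = {"kibana.example.internal"}   # assumption: your own Kibana hostnames
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed sample: two benign redirects, one off-site redirect, one probe that got a 200.
SAMPLE_LOG = """\
{"ts":"2024-06-05T09:12:01Z","client":"10.0.8.15","method":"GET","path":"/app/home","query":"","status":200,"location":""}
{"ts":"2024-06-05T09:12:07Z","client":"10.0.8.15","method":"GET","path":"/login","query":"next=%2Fapp%2Fdiscover","status":302,"location":"/app/discover"}
{"ts":"2024-06-05T09:13:40Z","client":"198.51.100.23","method":"GET","path":"/login","query":"next=https%3A%2F%2Fkibana.example.internal%2Fapp%2Fhome","status":302,"location":"https://kibana.example.internal/app/home"}
{"ts":"2024-06-05T09:14:02Z","client":"198.51.100.23","method":"GET","path":"/login","query":"next=%2F%2Fevil.example%2Fsso","status":302,"location":"//evil.example/sso"}
{"ts":"2024-06-05T09:14:05Z","client":"198.51.100.23","method":"GET","path":"/login","query":"next=https%3A%2F%2Fevil.example%2Fsso","status":200,"location":""}
"""


def is_offsite(url: str) -> bool:
    """True when a URL names a host that is not ours.

    Relative paths ('/app/...') are on-site by definition. '//host' and the
    backslash variants are scheme-relative to browsers even though they start
    with a slash, so they count as off-site."""
    if url[:2] in ("/\\", "\\\\"):
        return True
    parts = urlsplit(url)
    return bool(parts.netloc) and parts.hostname not in KIBANA_HOSTS


def analyse(record: Dict) -> List[str]:
    """Return the indicator names one access-log record triggers."""
    hits = []
    if record.get("status") in REDIRECT_STATUSES and is_offsite(record.get("location", "")):
        hits.append("offsite_redirect")           # Kibana answered with an external Location
    # parse_qsl percent-decodes, so %2F%2Fevil.example is examined as //evil.example
    for _, value in parse_qsl(record.get("query", ""), keep_blank_values=True):
        if is_offsite(value):
            hits.append("absolute_url_in_query")  # an external URL fed into some parameter, whatever the response
            break
    return hits


def scan(log_text: str) -> List[Dict]:
    """Run analyse() over newline-delimited JSON records and return only the hits."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        hits = analyse(rec)
        if hits:
            findings.append({"ts": rec["ts"], "client": rec["client"], "indicators": hits})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The request-side indicator fires even when the response was a 200 (the last sample line), which is the more useful of the two before patching: it catches an attacker enumerating parameters, not just the one that worked.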
