CVE-2024-43708

6.5 MEDIUM

📋 TL;DR

This vulnerability allows authenticated users with read access to Kibana to send specially crafted payloads that cause resource exhaustion, leading to Kibana service crashes. It affects Kibana instances where users can access UI inputs, potentially causing denial of service.

💻 Affected Systems

Products:
  • Kibana
Versions: Multiple versions up to and including 8.15.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Kibana instances with any authenticated users having read access to Kibana features.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete Kibana service outage affecting all users, requiring service restart and potentially causing data loss if crashes occur during critical operations.

🟠

Likely Case

Intermittent Kibana crashes affecting availability, requiring administrator intervention to restart services and restore functionality.

🟢

If Mitigated

Limited impact with proper monitoring and automated recovery systems in place, though service interruptions may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires an authenticated user, but payload construction appears straightforward based on the vulnerability description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kibana 7.17.23 and 8.15.1

Vendor Advisory: https://discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548

Restart Required: Yes

Instructions:

1. Backup Kibana configuration and data.
2. Stop Kibana service.
3. Upgrade to Kibana 7.17.23 or 8.15.1.
4. Restart Kibana service.
5. Verify service is running correctly.

🔧 Temporary Workarounds

Restrict User Access

all

Limit Kibana access to only essential users and review permissions to minimize attack surface.

Implement Rate Limiting

all

Configure reverse proxy or load balancer to limit request rates to Kibana endpoints.

🧯 If You Can't Patch

  • Implement strict access controls and monitor for unusual request patterns
  • Deploy Kibana behind WAF with request size and rate limiting rules

🔍 How to Verify

Check if Vulnerable:

Check the Kibana version via Settings > About in the Kibana UI, or run the 'kibana --version' command.

Check Version:

kibana --version

Verify Fix Applied:

Verify that the Kibana version is 7.17.23 or higher on the 7.x branch, or 8.15.1 or higher on the 8.x branch.
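An added helper, not part of this advisory or of Elastic's tooling, that applies the branch rule above to a version string, for example one read from the version.number field of Kibana's GET /api/status response. The page names fixes only for the 7.17 and 8.15 lines, so the code assumes branches older than 7.x have no fixed release and that 9.x and later are fixed; the sample status body is constructed.

```python
import json
import re
from typing import Tuple

# Fixed releases named in the advisory, keyed by major version.
FIXED = {7: (7, 17, 23), 8: (8, 15, 1)}


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse 'X.Y.Z'; a pre-release suffix such as '-SNAPSHOT' is ignored."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised Kibana version: {v!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """True if this Kibana version is affected by CVE-2024-43708.

    Assumption (not stated on the page): majors below 7 have no fixed
    release and count as affected; majors above 8 count as fixed.
    """
    major, minor, patch = parse_version(version)
    if major in FIXED:
        return (major, minor, patch) < FIXED[major]
    return major < 7


def version_from_status(status_json: str) -> str:
    """Extract version.number from a GET /api/status response body."""
    return json.loads(status_json)["version"]["number"]


# Constructed sample of the relevant part of a /api/status response.
SAMPLE_STATUS = '{"name": "kibana-01", "version": {"number": "8.15.0"}}'

if __name__ == "__main__":
    v = version_from_status(SAMPLE_STATUS)
    print(v, "vulnerable" if is_vulnerable(v) else "fixed")
```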

📡 Detection & Monitoring

Log Indicators:

  • Kibana process crashes
  • Out of memory errors in Kibana logs
  • Unusually large request payloads

Network Indicators:

  • Multiple large POST requests to Kibana endpoints from single users
  • Sudden drop in Kibana service availability

SIEM Query:

source="kibana.log" AND ("out of memory" OR "process crashed" OR "allocation failure")
