Description
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
- Attack Vector: network
- Complexity: low
- Privileges: low
- User Action: none
- Scope: changed
- Confidentiality: high
- Integrity: none
- Availability: none
- Weaknesses: CWE-200, NVD-CWE-noinfo
Metadata
- Primary Vendor: ELASTIC
- Published: 1/23/2025
- Last Modified: 9/30/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
elastic : kibana