Cyber Posture

CVE-2024-43707

Severity: High
Published: 23 January 2025
Modified: 30 September 2025
KEV Added: (no entry)
Patch: 2024-30-37
CVSS Score: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0078 (73.7th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.

Security Summary

CVE-2024-43707 is an authorization flaw in Kibana: a user who has not been granted Fleet access can nevertheless read Elastic Agent policies, and those policies may contain sensitive data. What is exposed depends on which integrations are enabled in the policy and on their versions; integration settings can include, for example, the credentials an integration uses to reach the system it collects from. NVD classifies the issue as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) with a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N): reachable over the network, low attack complexity, low privileges, no user interaction, high confidentiality impact and no integrity or availability impact. The changed scope (S:C) reflects that data disclosed from a policy, such as integration credentials, can grant access to systems beyond Kibana itself.

Exploitation requires only a valid Kibana account without Fleet privileges (PR:L); the request is an ordinary network call to Kibana and needs no interaction from any other user. A successful request gives the attacker read access to the agent policies, and with them whatever sensitive settings the deployed integrations and versions carry.

Elastic's advisory, posted on the Elastic discussion forum at https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521 (Kibana 8.15.0 Security Update, ESA-2024-29 and ESA-2024-30), ships the fix in Kibana 8.15.0. Affected deployments (8.7.0 up to but not including 8.15.0) should be upgraded to 8.15.0 or later promptly. After upgrading, treat any credentials stored in agent policies as potentially exposed to every account that could reach Kibana without Fleet privileges and rotate them, and review Kibana audit logs for Fleet API reads by accounts that were never granted Fleet access.
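For a practitioner who wants to confirm exposure before patching and verify the fix afterwards, the following is an added example script; it is not Elastic's code and not from this page. It assumes the affected range stated here (8.7.0 up to but not including 8.15.0), Kibana's GET /api/status and GET /api/fleet/agent_policies endpoints with basic-auth access, and a dedicated test account that has deliberately been given no Fleet privilege. The sample policy document embedded in it is constructed. Against a vulnerable Kibana the probe reports 'exposed' together with the JSON paths of the credential-like settings it was able to read, which doubles as the list of what to rotate; against a patched Kibana the same account receives 403 and the probe reports 'denied'.

```python
"""Probe for CVE-2024-43707: can a Kibana account with no Fleet privilege read
Elastic Agent policies?  Added example, not Elastic's code.  Assumptions beyond
the page: Kibana's GET /api/status and GET /api/fleet/agent_policies endpoints,
basic-auth access, and a test account deliberately granted no Fleet privilege.
SAMPLE_POLICIES is a constructed document, not real data."""
import base64
import json
import re
import sys
import urllib.error
import urllib.request

AFFECTED_MIN = (8, 7, 0)  # first affected release, per the page
FIXED_IN = (8, 15, 0)     # release carrying the fix, per the page
# Key names that, inside an integration's settings, usually hold credentials.
SENSITIVE_KEY = re.compile(
    r"password|passwd|secret|token|api[_-]?key|credential|private[_-]?key", re.I)

def parse_version(text):
    """'8.14.3-SNAPSHOT' -> (8, 14, 3); ValueError on anything else."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError("unrecognised Kibana version: %r" % text)
    return tuple(int(x) for x in m.groups())

def version_affected(text):
    """True when the reported Kibana version lies in [8.7.0, 8.15.0)."""
    return AFFECTED_MIN <= parse_version(text) < FIXED_IN

def assess_policy_probe(status, body):
    """Classify the no-Fleet account's GET /api/fleet/agent_policies result:
    'exposed' (200 with a policy list), 'denied' (403, privilege enforced),
    'inconclusive' (401 bad credentials, 404 Fleet disabled, non-JSON, ...)."""
    if status == 403:
        return "denied"
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "inconclusive"
        if isinstance(data, dict) and isinstance(data.get("items"), list):
            return "exposed"
    return "inconclusive"

def sensitive_paths(obj, path=""):
    """JSON paths whose key looks like a secret: what to rotate after 'exposed'.
    A matching key's whole subtree is reported once and not descended into."""
    found = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            here = "%s.%s" % (path, key) if path else key
            if SENSITIVE_KEY.search(key):
                found.append(here)
            else:
                found.extend(sensitive_paths(val, here))
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            found.extend(sensitive_paths(val, "%s[%d]" % (path, i)))
    return found

def http_get(base_url, path, username, password, timeout=10):
    """GET a Kibana API path with basic auth; (status, body), no raise on 4xx/5xx."""
    req = urllib.request.Request(base_url.rstrip("/") + path)
    cred = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    req.add_header("kbn-xsrf", "true")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def run_probe(base_url, username, password):
    """Version check plus the live read attempt with the no-Fleet test account."""
    status, body = http_get(base_url, "/api/status", username, password)
    version = json.loads(body)["version"]["number"] if status == 200 else None
    status, body = http_get(base_url, "/api/fleet/agent_policies?full=true",
                            username, password)
    verdict = assess_policy_probe(status, body)
    return {"version": version,
            "version_affected": version_affected(version) if version else None,
            "probe": verdict,
            "sensitive_paths": sensitive_paths(json.loads(body)) if verdict == "exposed" else []}

# Constructed sample of an exposed response: a MySQL integration whose input
# vars carry the monitoring account's password.
SAMPLE_POLICIES = {"items": [{"id": "p1", "name": "prod-agents", "package_policies": [
    {"name": "mysql-1", "inputs": [{"type": "mysql/metrics", "vars": {
        "hosts": {"value": ["tcp(db:3306)/"]},
        "username": {"value": "monitor"},
        "password": {"value": "hunter2"}}}]}]}]}
SAMPLE_BODY = json.dumps(SAMPLE_POLICIES)

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: %s https://kibana:5601 <no-fleet-user> <password>" % sys.argv[0])
    print(json.dumps(run_probe(*sys.argv[1:]), indent=2))
```

The probe is read-only and uses only the credentials of an account you control, so it needs no more authorisation than any other test against your own Kibana. A 401 or 404 is reported as inconclusive rather than as a pass, so that a mistyped password or a disabled Fleet plugin is not mistaken for the fix; only a 403 from an account that genuinely lacks Fleet privileges shows the authorization check is in place.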

Details

CWE(s)
CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor); NVD-CWE-noinfo

Affected Products

elastic
kibana
8.7.0 up to but not including 8.15.0 (fixed in 8.15.0)

References

https://discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/373521