Users need to be aware of a critical vulnerability (CVE-2022-23711) recently identified in Kibana. It lets attackers gain unauthorized access to sensitive information about Elastic Stack monitoring through the Kibana page source. No authentication to a vulnerable Kibana instance is required to view the information, which potentially exposes critical data and leaves systems open to attack. This post discusses the vulnerability in detail, with code snippets, links to original references, and exploit details.

Vulnerability Description

CVE-2022-23711 is a vulnerability in Kibana that, if exploited, can expose sensitive information related to Elastic Stack monitoring in the Kibana page source. This vulnerability mainly affects users who have set any of the optional monitoring.ui.elasticsearch.* settings to configure Kibana as a remote UI for Elastic Stack Monitoring. The same vulnerability can also expose other non-sensitive application-internal information in the page source.

Code Snippet

The following code snippet demonstrates how sensitive information can potentially be revealed in the Kibana page source:

<script>
  window.__kbnNonce__ = '...';
  window.__kbnConfig__ = JSON.parse(
    decodeURIComponent(
      '...'
    )
  );
</script>


Here, the window.__kbnConfig__ object is being populated with sensitive information.

Exploit Details

An attacker can exploit this vulnerability to access sensitive information related to Elastic Stack monitoring, including configuration data, indices, and node information. Since no authentication is required, this poses a high risk to systems using Kibana for Elastic Stack monitoring.

Original References

1. Official Elastic CVE Announcement: https://www.elastic.co/community/security
2. Kibana GitHub Repository: https://github.com/elastic/kibana
3. National Vulnerability Database (NVD) CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23711

Mitigation

1. Upgrade to a non-vulnerable version of Kibana, such as 7.16.1 or newer.

2. Temporarily disable the monitoring.ui.elasticsearch.* settings and stop using Kibana as a remote UI for Elastic Stack Monitoring until you can apply the patch or upgrade Kibana.
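To check whether an instance has the configuration this advisory calls out, the following added example (not code from Elastic or from the original post) lists every monitoring.ui.elasticsearch.* setting present in a kibana.yml, whether written as flat dotted keys or nested mappings. It is a minimal line-based reader rather than a full YAML parser, and the sample configs and hostnames are constructed.

```python
import re
import sys

PREFIX = "monitoring.ui.elasticsearch."
# A mapping key at some indentation; comments and list items ("- x") do not match.
KEY_RE = re.compile(r"^( *)([A-Za-z_][\w.\-]*)\s*:(?:\s|$)")
# Constructed sample configs (hostnames and values are made up).
SAMPLE_FLAT = """\
server.port: 5601
monitoring.ui.elasticsearch.hosts: ["https://es-mon.example.internal:9200"]
monitoring.ui.elasticsearch.username: "kibana_monitoring"
#monitoring.ui.elasticsearch.password: "commented-out"
"""
SAMPLE_NESTED = """\
monitoring:
  ui:
    enabled: true
    elasticsearch:
      hosts:
        - "https://es-mon.example.internal:9200"
      ssl:
        verificationMode: certificate
elasticsearch.ssl.verificationMode: full
"""


def monitoring_ui_es_settings(yaml_text):
    """Return sorted leaf settings under monitoring.ui.elasticsearch.*,
    whether written as flat dotted keys, nested mappings, or a mix."""
    stack = []     # (indent, dotted path) of the enclosing mapping keys
    found = set()
    for line in yaml_text.splitlines():
        m = KEY_RE.match(line)
        if not m:
            continue  # blank line, comment, list item or continuation
        indent, key = len(m.group(1)), m.group(2)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = f"{stack[-1][1]}.{key}" if stack else key
        stack.append((indent, path))
        if path.startswith(PREFIX):
            found.add(path)
    # Keep leaves only: drop a key when a longer found key extends it.
    return sorted(k for k in found if not any(o.startswith(k + ".") for o in found))


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NESTED
    print("\n".join(monitoring_ui_es_settings(text)) or "none set")
```

A non-empty result means the instance is configured as a remote UI for Elastic Stack Monitoring, so it falls under the two mitigation steps above.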

Conclusion

CVE-2022-23711, a recently discovered vulnerability in Kibana, poses a significant risk by exposing sensitive Elastic Stack monitoring information. Users need to be vigilant and take appropriate steps to secure their systems, including upgrading Kibana to a non-vulnerable version and following the mitigation actions mentioned above. Stay updated on this issue and other security vulnerabilities by keeping an eye on official references and announcements.

Timeline

Published on: 04/21/2022 19:15:00 UTC
Last modified on: 05/03/2022 19:04:00 UTC