What is CVE-2024-43707?

CVE-2024-43707 is a high-severity vulnerability in Elastic Kibana, classified under Information Disclosure. CVSS score: 7.7/10. Published 2025-01-23.

How severe is CVE-2024-43707?

High severity. CVSS v3 base score is 7.7 out of 10.

Information disclosure in Elastic Kibana

CVE-2024-43707

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Ag…

Vulnerability class: Information Disclosure

EPSS: 0.008 (74.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Elastic Kibana — versions 8.0.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

discuss.elastic.co/t/kibana-8-15-0-security-update-esa-2024-29-esa-2024-30/3735…

Frequently asked questions

What is CVE-2024-43707?: CVE-2024-43707 is a high-severity vulnerability in Elastic Kibana, classified under Information Disclosure. CVSS score: 7.7/10. Published 2025-01-23.
How severe is CVE-2024-43707?: High severity. CVSS v3 base score is 7.7 out of 10.