CVE-2024-12556: Kibana Prototype Pollution can lead to code injection

8.7 CVSS

Description

Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.

Classification

CVE ID: CVE-2024-12556

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Problem Types

CWE-1321

Affected Products

Vendor: Elastic

Product: Kibana

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.03% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-21 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-12556
https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-security-update-esa-2025-02/376918

Timeline