CVE-2024-43708: 
Kibana vulnerability analysis and mitigation

An allocation of resources without limits or throttling vulnerability was discovered in Kibana (CVE-2024-43708). The vulnerability affects Kibana versions 7.x prior to 7.17.23 and 8.x prior to 8.15.0. The issue can lead to a crash when a specially crafted payload is sent to various inputs in the Kibana UI. This vulnerability can be exploited by users who have read access to any feature in Kibana (Elastic Discussion).

The vulnerability is classified as CWE-770 (Allocation of Resources Without Limits or Throttling). It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability requires network access and low privileges to exploit, with no user interaction needed (NVD).

When successfully exploited, this vulnerability can cause a crash of the Kibana service, leading to a denial of service condition. The attack affects availability but does not impact confidentiality or integrity of the system (Elastic Discussion).

The vulnerability has been fixed in Kibana versions 7.17.23 and 8.15.0. Users are recommended to upgrade to these versions to mitigate the risk (Elastic Discussion).