CVE-2026-33458
HIGH7.7EPSS 0.05%Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
發布日:2026/4/13修改日:2026/4/17
描述
Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data.
受影響套件(2)
- Bitnami/elk>= 9.3.0, < 9.3.3
- Bitnami/kibana>= 9.3.0, < 9.3.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |