CVE-2026-33463

MEDIUM 5.3 | EPSS 0.07%

Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access

Published: 2026/6/1 | Modified: 2026/6/1
Also known as: BIT-elk-2026-33463, BIT-kibana-2026-33463

Description

Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.

Affected packages (1)

CVSS scores

| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |

References (2)