Thanks for submitting this workaround @ypid-geberit. I'm closing out this issue as a majority of users have been able to upgrade their Kibana to mitigate the vulnerability so we didn't need to rely on this work-around.
I would like to propose a workaround to mitigate CVE-2018-17245 which:
xpack.reporting.enabled.
It works by blocking outgoing connections from the Kibana user to the Internet on the server where Kibana is running. Example iptables script:
Feel free to give feedback on this. Note that I already posted this in the forum and was redirected here.
Ref: https://www.elastic.co/blog/elastic-support-alert-kibana-reporting-vulnerability
Ref: #24177
Ref: https://discuss.elastic.co/t/workaround-for-kibana-reporting-vulnerability-esa-2018-17-cve-2018-17245/156078
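
The following is an added example, not the poster's script and not code from Elastic: an owner-based egress filter of the kind the post describes, which prints its rules for review instead of applying them. The account name `kibana`, the chain name `KIBANA_EGRESS`, the variable names and the allowlisted address `192.0.2.10` (a documentation address) are assumptions.

```shell
#!/bin/sh
# Egress filter for the account Kibana (and any child process it starts)
# runs as. Assumed, not from the issue: user "kibana", chain KIBANA_EGRESS,
# and a constructed Elasticsearch address 192.0.2.10:9200.
KIBANA_USER="${KIBANA_USER:-kibana}"
CHAIN="KIBANA_EGRESS"
ALLOW_V4="${ALLOW_V4:-192.0.2.10,9200}"  # space-separated "address,port" pairs
ALLOW_V6="${ALLOW_V6:-}"                 # empty: no IPv6 destinations allowed

# Print the rules for one address family: $1 = iptables | ip6tables,
# $2 = allowlist. Nothing is executed here.
emit_family() {
    ipt="$1"; allow="$2"
    echo "$ipt -N $CHAIN"
    # Loopback stays open (for example an Elasticsearch node on the same host).
    echo "$ipt -A $CHAIN -o lo -j RETURN"
    # Replies to inbound browser sessions carry the same UID; only connections
    # the Kibana user initiates (state NEW) fall through to the REJECT.
    echo "$ipt -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    for dest in $allow; do
        echo "$ipt -A $CHAIN -p tcp -d ${dest%,*} --dport ${dest#*,} -j RETURN"
    done
    # Log blocked attempts so they can be reviewed in the kernel log.
    echo "$ipt -A $CHAIN -j LOG --log-prefix 'kibana-egress: '"
    echo "$ipt -A $CHAIN -j REJECT"
    # Hook last, so the chain is complete before traffic is steered into it.
    echo "$ipt -A OUTPUT -m owner --uid-owner $KIBANA_USER -j $CHAIN"
}

kibana_egress_rules() {
    emit_family iptables "$ALLOW_V4"
    # Without the ip6tables half, IPv6 egress would remain unfiltered.
    emit_family ip6tables "$ALLOW_V6"
}

# Running the script prints the rules; after review, pipe the output to
# "sh" as root to apply them once (flush the chain before re-applying).
kibana_egress_rules
```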