{"id":"CVE-2022-23709","details":"A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.","modified":"2026-03-11T00:07:21.115018Z","published":"2022-03-03T22:15:08.850Z","references":[{"type":"WEB"},{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/kibana","events":[{"introduced":"e13d5b1fed429df03e29af259ffccd6453250947"},{"fixed":"78e8422ed4e7d2054bd35b82a91299b3f7bd6231"},{"introduced":"0"},{"last_affected":"57ca5e139a33dd2eed927ce98d8231a1f217cd15"}],"database_specific":{"versions":[{"introduced":"7.7.0"},{"fixed":"7.17.1"},{"introduced":"0"},{"last_affected":"8.0.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23709.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}