{"id":"CVE-2023-31415","details":"Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.","modified":"2026-04-10T04:57:37.686427Z","published":"2023-05-04T21:15:11.760Z","references":[{"type":"ADVISORY","url":"https://discuss.elastic.co/t/kibana-8-7-1-security-updates/332330"},{"type":"ADVISORY","url":"https://www.elastic.co/community/security/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/kibana","events":[{"introduced":"0"},{"last_affected":"05f12599523732051b84dde0b8d5610e0db2b06d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.7.0"}]}}],"versions":["7.0-known-good","v4.0.0-beta1","v4.0.0-beta1.1","v4.0.0-beta2","v4.0.0-beta3","v4.2.0-beta1","v5.0.0-alpha5","v6.0.0-alpha1","v6.0.0-alpha2","v7.0.0-alpha1","v8.0.0-alpha1","v8.0.0-alpha2","v8.7.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31415.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}