{"id":"CVE-2024-43706","details":"Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.","aliases":["BIT-elk-2024-43706","BIT-kibana-2024-43706"],"modified":"2026-04-10T05:16:29.063119Z","published":"2025-06-10T17:19:24.820Z","references":[{"type":"REPORT","url":"https://discuss.elastic.co/t/kibana-8-12-1-security-update-esa-2024-21/379064"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/kibana","events":[{"introduced":"0"},{"last_affected":"e9092c0a17923f4ed984456b8a5db619b0a794b3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.12.0"}]}}],"versions":["7.0-known-good","deploy@1693594780","deploy@1693609987","deploy@1693853982","deploy@1693860790","deploy@1693866333","deploy@1694087994","deploy@1694162455","deploy@1694506029","deploy@1694683198","deploy@1695286747","deploy@1696328885","deploy@1696415195","deploy@1696508231","deploy@1696618725","deploy@1696873111","deploy@1697028216","deploy@1697232175","deploy@1697564183","deploy@1698046713","deploy@1698657637","deploy@1699260155","deploy@1699865290","deploy@1700491293","deploy@1701160888","deploy@1701687168","test-depl-20231013154558","test-depl-20231025084603","v4.0.0-beta1","v4.0.0-beta1.1","v4.0.0-beta2","v4.0.0-beta3","v4.2.0-beta1","v5.0.0-alpha5","v6.0.0-alpha1","v6.0.0-alpha2","v7.0.0-alpha1","v8.0.0-alpha1","v8.0.0-alpha2","v8.12.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43706.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}