CVE-2024-43706: 
Kibana vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2024-43706) has been identified in Kibana's Synthetic Monitoring feature. The vulnerability affects Kibana versions 8.12.0 and older, allowing potential privilege abuse through direct HTTP requests to Synthetic monitor endpoints. The flaw was discovered and disclosed by Elastic, with a CVSS score of 7.6, indicating high severity (SecurityOnline, Elastic Discuss).

The vulnerability stems from improper authorization checks on the synthetics endpoint. In affected versions, users with lower privileges can potentially access Synthetic monitor functionality through direct API requests, bypassing role-based restrictions enforced in the user interface. The vulnerability has been assigned a CVSS score of 7.6 with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/CR:M/IR:M/AR:M (Elastic Discuss).

The vulnerability could result in unauthorized data visibility or service misuse, depending on how the monitor is configured. The flaw affects both self-hosted deployments and those running on Elastic Cloud, potentially allowing attackers to bypass user interface constraints and access data or trigger actions without appropriate authorization (SecurityOnline).

Elastic has released version 8.12.1 which patches this vulnerability. For users unable to upgrade, several workarounds are available: For self-hosted deployments, users can disable Synthetics Monitoring by adding 'xpack.uptime.enabled: false' to their kibana.yml file, or apply an index block on synthetics- indices to make them read-only. For Elastic Cloud users, applying a read-only block on all synthetics- indices through index management is recommended (Elastic Discuss).