2025-12-18 22:21:09
elastic
PUBLISHED
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to change a documents sharing type to "global," even though they do not have permission to do so, making it visible to everyone in the space via a crafted a HTTP request.