Kibana vulnerability fixed

One of the big problems that software development companies face is the security vulnerabilities that their code may contain. There are many reasons for this, some of which can be attributed to human error due to lack of experience or malpractice. At company level, there is the lack of procedures in the design and development of the product and, finally, there are reasons related to the evolution of technology itself.

These problems occur in all companies, regardless of size. It has happened to us and it will surely happen again, despite all the measures that are implemented.

Elastic, the owner of Kibana, has announced a vulnerability that allows arbitrary code execution.

The versions affected are versions prior to 8.14.12 and 7.17.23.
We recommend reading the official announcement for the scope of the problem (ESA-2024-22).

WOCU-Monitoring is distributed with Kibana version 7.17.23. Kibana is disabled by default, but whether you use it or not, we recommend updating it.
In the next version, to be released at the end of this quarter, we have updated it following Elastic's recommendations.

Solved 

We also provide our customers with an alternative that fixes the vulnerability without the need to upgrade to the next version. We still recommend upgrading in order to enjoy the new features, performance improvements and many other advantages, and remember that WOCU-Monitoring only supports the current version and the previous one.

To resolve this vulnerability, follow the steps below:

1- Download the script to implement the solution from WOCU-Monitoring

curl https://files.wocu-monitoring.com/kibana-cve-2024-37287.sh --output kibana-cve-2024-37287.sh

2- Run the script with root privileges

sudo -i bash "$PWD/kibana-cve-2024-37287.sh"

The output shows the following messages:

Downloading kibana 7.17.23
Extracting kibana
Copying kibana
kibana-7.17.23-linux-x86_64/
Removing data files
Creating soft links
Creating a patch file for kibana in supervisor
Applying the patch to kibana in supervisor
Patching the kibana.conf file
Reloading supervisor
kibana: stopped
kibana: started
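
To confirm which Kibana version is in place before or after running the script, the check below compares a version string against the affected ranges stated above. It is an added example, not part of the WOCU-Monitoring script or Elastic's tooling; the function names are hypothetical, and it assumes the install directory contains Kibana's `package.json` with the `"version"` field on its own line.

```shell
#!/bin/sh
# Added example: is a Kibana version inside the affected range stated on
# this page (prior to 7.17.23, or prior to 8.14.12 on the 8.x line)?

# Print the "version" field of package.json in Kibana install dir $1.
# Assumption: pretty-printed JSON with "version" on its own line.
kibana_version_from_dir() {
    sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$1/package.json" | head -n 1
}

# Return 0 if X.Y.Z version $1 is lower than $2, comparing each component
# numerically (so 7.17.9 < 7.17.23, which a string comparison gets wrong).
version_lt() {
    _a=$1 _b=$2
    for _i in 1 2 3; do
        _x=${_a%%.*} _y=${_b%%.*}
        [ "$_x" -lt "$_y" ] && return 0
        [ "$_x" -gt "$_y" ] && return 1
        _a=${_a#*.} _b=${_b#*.}
    done
    return 1    # equal versions are not "lower"
}

# Return 0 = affected, 1 = not affected, 2 = version string not parseable.
kibana_affected() {
    _v=${1%%-*}                       # drop suffixes such as -SNAPSHOT
    case $_v in
        ''|*[!0-9.]*|*.*.*.*|.*|*.|*..*) return 2 ;;
        *.*.*) ;;                     # exactly three numeric components
        *) return 2 ;;
    esac
    if [ "${_v%%.*}" -ge 8 ]; then
        version_lt "$_v" 8.14.12      # threshold as given on this page
    else
        version_lt "$_v" 7.17.23      # 7.x and older majors
    fi
}
```

Run it as `kibana_affected "$(kibana_version_from_dir /path/to/kibana)"`, replacing the placeholder path with your install directory; an exit status of 2 means the version could not be read and should be checked by hand.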

The WOCU-Monitoring team.
