Kibana 7.17.14edit

Review the following information about the Kibana 7.17.14 release.

Security updateedit

  • Kibana heap buffer overflow vulnerability

    On Sept 11, 2023, Google Chrome announced CVE-2023-4863, described as “Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page”. Kibana includes a bundled version of headless Chromium that is only used for Kibana’s reporting capabilities and which is affected by this vulnerability. An exploit for Kibana has not been identified, however as a resolution, the bundled version of Chromium is updated in this release.

    The issue is resolved in 7.17.14.

    For more information, see our related security announcement.