Hi,
Enterprise 1.59.0_es8.15.1
Is this something that also impacts when using ROR or not?
Thanks for checking.
Hi,
As far as I can see, there is no public exploit or PoC available right now, but based on this post (Kibana 8.17.3 Security Update (ESA-2025-06) - Security Announcements - Discuss the Elastic Stack):
In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role.
In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users that have roles containing all of the following privileges:
- fleet-all
- integrations-all
- actions:execute-advanced-connectors
With the ReadonlyREST plugin, the above conditions won't be met; however, since we don't know the attack vector, I would recommend following the Elastic team's recommendations:
- Users should upgrade to Kibana version 8.17.3.
- Users that cannot upgrade should set xpack.integration_assistant.enabled: false in Kibana's configuration.
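As an added example (not code from this thread, ReadonlyREST or Elastic), a small Python triage script that applies the affected version ranges and the configuration mitigation quoted above to a deployment. It assumes Kibana runs the same stack version as the Elasticsearch build named in the ROR version tag (e.g. 1.59.0_es8.15.1), and its kibana.yml scanner only understands the flat dotted-key form.

```python
# Triage a Kibana deployment against ESA-2025-06 using the version ranges
# and the mitigation quoted in the thread above. Constructed example code.
from __future__ import annotations

MITIGATION_KEY = "xpack.integration_assistant.enabled"


def parse_version(v: str) -> tuple[int, int, int]:
    """'8.15.1' -> (8, 15, 1); ignores suffixes such as '-SNAPSHOT'."""
    parts = [int(p) for p in v.split("-")[0].split(".")]
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def stack_version_from_ror(ror_version: str) -> str:
    """'1.59.0_es8.15.1' -> '8.15.1'. Assumption: Kibana runs the same stack
    version as the Elasticsearch build named in the ROR plugin tag."""
    return ror_version.split("_es", 1)[1]


def exposure(version: str) -> str:
    """Classify per the advisory: Viewer-exploitable, privileged-only or fixed."""
    v = parse_version(version)
    if v < (8, 15, 0) or v >= (8, 17, 3):
        return "not-affected"
    if v < (8, 17, 1):
        return "viewer-exploitable"  # 8.15.0 <= v < 8.17.1
    return "privileged-only"  # 8.17.1 and 8.17.2: needs all three privileges


def mitigation_applied(kibana_yml: str) -> bool:
    """True when kibana.yml (flat dotted keys) disables the integration assistant."""
    for raw in kibana_yml.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, so a commented-out
        key, sep, value = line.partition(":")  # mitigation does not count
        if sep and key.strip() == MITIGATION_KEY:
            return value.strip().lower() == "false"
    return False


def assess(version: str, kibana_yml: str) -> str:
    """Turn version + config into the operator action recommended in the thread."""
    exp = exposure(version)
    if exp == "not-affected":
        return "ok"
    if mitigation_applied(kibana_yml):
        return "mitigated; still upgrade to 8.17.3"
    return f"upgrade to 8.17.3 or set {MITIGATION_KEY}: false ({exp})"


# Constructed sample kibana.yml: the mitigation is present but commented out.
SAMPLE_YML = "server.port: 5601\n# xpack.integration_assistant.enabled: false\n"
```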