Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.
[
{
"product": "X-Pack Security",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "prior to 5.4.1 and 5.3.3"
}
]
}
]