Search...

Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)

2017-10-23T00:00:00

ID OPENVAS:1361412562310108264
Type openvas
Reporter Copyright (C) 2017 Greenbone Networks GmbH
Modified 2018-10-19T00:00:00

Description

This host is running Elasticsearch Kibana with X-Pack and is prone to an insufficient access restriction vulnerability.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_elasticsearch_kibana_xpack_CVE-2017-8441_lin.nasl 11983 2018-10-19 10:04:45Z mmartin $
#
# Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)
#
# Authors:
# Christian Fischer &lt;christian.fischer@greenbone.net&gt;
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:elasticsearch:x-pack";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.108264");
  script_version("$Revision: 11983 $");
  script_cve_id("CVE-2017-8441");
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_tag(name:"last_modification", value:"$Date: 2018-10-19 12:04:45 +0200 (Fri, 19 Oct 2018) $");
  script_tag(name:"creation_date", value:"2017-10-23 10:54:29 +0200 (Mon, 23 Oct 2017)");
  script_name("Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)");
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_dependencies("gb_elasticsearch_kibana_detect.nasl", "os_detection.nasl");
  script_mandatory_keys("Elasticsearch/Kibana/X-Pack/Installed", "Host/runs_unixoide");
  script_require_ports("Services/www", 5601);

  script_xref(name:"URL", value:"https://www.elastic.co/community/security");

  script_tag(name:"summary", value:"This host is running Elasticsearch Kibana with X-Pack and is prone to an
  insufficient access restriction vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The Flaw is due to not always correctly apply Document Level Security to
  index aliases.");

  script_tag(name:"impact", value:"Successful exploitation could allow an user with restricted permissions to
  view data they should not have access to when performing certain operations against an index alias.");

  script_tag(name:"affected", value:"Elasticsearch Kibana X-Pack versions prior to 5.3.3 and 5.4.x prior to 5.4.1.");

  script_tag(name:"solution", value:"Update to Elasticsearch Kibana X-Pack version 5.3.3, 5.4.1 or later.");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( ! port = get_app_port( cpe:CPE ) ) exit( 0 );
if( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );

if( version_is_less( version:vers, test_version:"5.3.3" ) ) {
  fix = "5.3.3";
}

if( vers =~ "^5\.4" && version_is_less( version:vers, test_version:"5.4.1" ) ) {
  fix = "5.4.1";
}

if( fix ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:fix );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310108264", "bulletinFamily": "scanner", "title": "Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)", "description": "This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.", "published": "2017-10-23T00:00:00", "modified": "2018-10-19T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108264", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://www.elastic.co/community/security"], "cvelist": ["CVE-2017-8441"], "type": "openvas", "lastseen": "2019-05-29T18:34:55", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-8441"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a8f2e4fd521fd6a852c9866336a7bd5dfbaadfd67cfba35dc5f01eea046bfc7c", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "720f11a2340b7ff1bd2ba19c35f48781", "key": "sourceData"}, {"hash": "c5bb34af05c207ad0795b24b339835fb", "key": "modified"}, {"hash": "79166d835113732e58fb18a0502586c8", "key": "pluginID"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "1c3d8ebd065ce1fb863a09610f7dccfc", "key": "references"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "7b0f9cc7853d8d1ccbfab6c5d339de35", "key": "description"}, {"hash": "c1addba3bb376fec85563cbc66f7d0b0", "key": "href"}, {"hash": "30b8c63c738508804cbddea141b6640c", "key": "published"}, {"hash": "c6c5de465b0ffb20da8743da342d5f37", "key": "title"}, {"hash": "b76cfa10a0c219b584556c0252910fe5", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108264", "id": "OPENVAS:1361412562310108264", "lastseen": "2018-09-01T23:45:19", "modified": "2017-10-24T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310108264", "published": "2017-10-23T00:00:00", "references": ["https://www.elastic.co/community/security"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_elasticsearch_kibana_xpack_CVE-2017-8441_lin.nasl 7543 2017-10-24 11:02:02Z cfischer $\n#\n# Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:elasticsearch:x-pack\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108264\");\n script_version(\"$Revision: 7543 $\");\n script_cve_id(\"CVE-2017-8441\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:02:02 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-23 10:54:29 +0200 (Mon, 23 Oct 2017)\");\n script_name(\"Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_elasticsearch_kibana_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Elasticsearch/Kibana/X-Pack/Installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 5601);\n\n script_xref(name:\"URL\", value:\"https://www.elastic.co/community/security\");\n\n script_tag(name:\"summary\", value:\"This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help of the Detection-NVT and check\n if the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The Flaw is due to not always correctly apply Document Level Security to\n index aliases.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an user with restricted permissions to\n view data they should not have access to when performing certain operations against an index alias.\");\n\n script_tag(name:\"affected\", value:\"Elasticsearch Kibana X-Pack versions prior to 5.3.3 and 5.4.x prior to 5.4.1.\");\n\n script_tag(name:\"solution\", value:\"Update to Elasticsearch Kibana X-Pack version 5.3.3, 5.4.1 or later.\n\n For updates refer to https://www.elastic.co\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.3.3\" ) ) {\n fix = \"5.3.3\";\n}\n\nif( vers =~ \"^5\\.4\" && version_is_less( version:vers, test_version:\"5.4.1\" ) ) {\n fix = \"5.4.1\";\n}\n\nif( fix ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "title": "Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:45:19"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-8441"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.", "edition": 1, "enchantments": {}, "hash": "3239807da89c08ecc6b99d20534c6c79ac541f5dd4773a494f412cc8904d818d", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "c5bb34af05c207ad0795b24b339835fb", "key": "modified"}, {"hash": "79166d835113732e58fb18a0502586c8", "key": "pluginID"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "a5b3873e6c86d0d9ea692dada2c4e5d7", "key": "sourceData"}, {"hash": "1c3d8ebd065ce1fb863a09610f7dccfc", "key": "references"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "7b0f9cc7853d8d1ccbfab6c5d339de35", "key": "description"}, {"hash": "c1addba3bb376fec85563cbc66f7d0b0", "key": "href"}, {"hash": "30b8c63c738508804cbddea141b6640c", "key": "published"}, {"hash": "c6c5de465b0ffb20da8743da342d5f37", "key": "title"}, {"hash": "b76cfa10a0c219b584556c0252910fe5", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108264", "id": "OPENVAS:1361412562310108264", "lastseen": "2017-10-24T10:58:32", "modified": "2017-10-24T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310108264", "published": "2017-10-23T00:00:00", "references": ["https://www.elastic.co/community/security"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_elasticsearch_kibana_xpack_CVE-2017-8441_lin.nasl 7536 2017-10-24 05:28:23Z cfischer $\n#\n# Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:elasticsearch:x-pack\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108264\");\n script_version(\"$Revision: 7536 $\");\n script_cve_id(\"CVE-2017-8441\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 07:28:23 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-23 10:54:29 +0200 (Mon, 23 Oct 2017)\");\n script_name(\"Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_elasticsearch_kibana_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Elasticsearch/Kibana/X-Pack/Installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 5601);\n\n script_xref(name:\"URL\", value:\"https://www.elastic.co/community/security\");\n\n script_tag(name:\"summary\", value:\"This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help of the Detection-NVT and check\n if the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The Flaw is due to not always correctly apply Document Level Security to\n index aliases.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an user with restricted permissions to\n view data they should not have access to when performing certain operations against an index alias.\");\n\n script_tag(name:\"affected\", value:\"Elasticsearch Kibana X-Pack versions prior to 5.3.3 and 5.4.x prior to 5.4.1.\");\n\n script_tag(name:\"solution\", value:\"Update to Elasticsearch Kibana X-Pack version 5.3.3, 5.4.1 or later.\n\n For updates refer to https://www.elastic.co\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( host_runs( \"Windows\" ) == \"yes\") exit( 0 );\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.3.3\" ) ) {\n fix = \"5.3.3\";\n}\n\nif( vers =~ \"^5\\.4\" && version_is_less( version:vers, test_version:\"5.4.1\" ) ) {\n fix = \"5.4.1\";\n}\n\nif( fix ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "title": "Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)", "type": "openvas", "viewCount": 0}, "differentElements": ["sourceData"], "edition": 1, "lastseen": "2017-10-24T10:58:32"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-8441"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "12ed4d32c150e3a435581de2cf4d46426c5609156078ae87d9c8c10376480697", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "720f11a2340b7ff1bd2ba19c35f48781", "key": "sourceData"}, {"hash": "c5bb34af05c207ad0795b24b339835fb", "key": "modified"}, {"hash": "79166d835113732e58fb18a0502586c8", "key": "pluginID"}, {"hash": "1c3d8ebd065ce1fb863a09610f7dccfc", "key": "references"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "7b0f9cc7853d8d1ccbfab6c5d339de35", "key": "description"}, {"hash": "c1addba3bb376fec85563cbc66f7d0b0", "key": "href"}, {"hash": "30b8c63c738508804cbddea141b6640c", "key": "published"}, {"hash": "c6c5de465b0ffb20da8743da342d5f37", "key": "title"}, {"hash": "b76cfa10a0c219b584556c0252910fe5", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108264", "id": "OPENVAS:1361412562310108264", "lastseen": "2018-08-30T19:20:39", "modified": "2017-10-24T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310108264", "published": "2017-10-23T00:00:00", "references": ["https://www.elastic.co/community/security"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_elasticsearch_kibana_xpack_CVE-2017-8441_lin.nasl 7543 2017-10-24 11:02:02Z cfischer $\n#\n# Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:elasticsearch:x-pack\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108264\");\n script_version(\"$Revision: 7543 $\");\n script_cve_id(\"CVE-2017-8441\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:02:02 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-23 10:54:29 +0200 (Mon, 23 Oct 2017)\");\n script_name(\"Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_elasticsearch_kibana_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Elasticsearch/Kibana/X-Pack/Installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 5601);\n\n script_xref(name:\"URL\", value:\"https://www.elastic.co/community/security\");\n\n script_tag(name:\"summary\", value:\"This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help of the Detection-NVT and check\n if the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The Flaw is due to not always correctly apply Document Level Security to\n index aliases.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an user with restricted permissions to\n view data they should not have access to when performing certain operations against an index alias.\");\n\n script_tag(name:\"affected\", value:\"Elasticsearch Kibana X-Pack versions prior to 5.3.3 and 5.4.x prior to 5.4.1.\");\n\n script_tag(name:\"solution\", value:\"Update to Elasticsearch Kibana X-Pack version 5.3.3, 5.4.1 or later.\n\n For updates refer to https://www.elastic.co\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.3.3\" ) ) {\n fix = \"5.3.3\";\n}\n\nif( vers =~ \"^5\\.4\" && version_is_less( version:vers, test_version:\"5.4.1\" ) ) {\n fix = \"5.4.1\";\n}\n\nif( fix ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "title": "Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:20:39"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-8441"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.", "edition": 5, "enchantments": {"dependencies": {"modified": "2018-10-22T16:36:29", "references": [{"idList": ["CVE-2017-8441"], "type": "cve"}, {"idList": ["OPENVAS:1361412562310108263"], "type": "openvas"}, {"idList": ["ELASTICSEARCH_ESA_2017_09.NASL"], "type": "nessus"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "ac350edfb87aa986ac71caa53bdb3b5fc75cd581f3fa38942d79b6c6deb35984", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "79166d835113732e58fb18a0502586c8", "key": "pluginID"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "1c3d8ebd065ce1fb863a09610f7dccfc", "key": "references"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ab6f16312cb5de475b4b72095e66f91f", "key": "sourceData"}, {"hash": "7b0f9cc7853d8d1ccbfab6c5d339de35", "key": "description"}, {"hash": "c1addba3bb376fec85563cbc66f7d0b0", "key": "href"}, {"hash": "30b8c63c738508804cbddea141b6640c", "key": "published"}, {"hash": "c6c5de465b0ffb20da8743da342d5f37", "key": "title"}, {"hash": "60a89824e288edb13ed6986cb8fe3624", "key": "modified"}, {"hash": "b76cfa10a0c219b584556c0252910fe5", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108264", "id": "OPENVAS:1361412562310108264", "lastseen": "2018-10-22T16:36:29", "modified": "2018-10-19T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310108264", "published": "2017-10-23T00:00:00", "references": ["https://www.elastic.co/community/security"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_elasticsearch_kibana_xpack_CVE-2017-8441_lin.nasl 11983 2018-10-19 10:04:45Z mmartin $\n#\n# Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:elasticsearch:x-pack\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108264\");\n script_version(\"$Revision: 11983 $\");\n script_cve_id(\"CVE-2017-8441\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 12:04:45 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-23 10:54:29 +0200 (Mon, 23 Oct 2017)\");\n script_name(\"Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_elasticsearch_kibana_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Elasticsearch/Kibana/X-Pack/Installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 5601);\n\n script_xref(name:\"URL\", value:\"https://www.elastic.co/community/security\");\n\n script_tag(name:\"summary\", value:\"This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Flaw is due to not always correctly apply Document Level Security to\n index aliases.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an user with restricted permissions to\n view data they should not have access to when performing certain operations against an index alias.\");\n\n script_tag(name:\"affected\", value:\"Elasticsearch Kibana X-Pack versions prior to 5.3.3 and 5.4.x prior to 5.4.1.\");\n\n script_tag(name:\"solution\", value:\"Update to Elasticsearch Kibana X-Pack version 5.3.3, 5.4.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.3.3\" ) ) {\n fix = \"5.3.3\";\n}\n\nif( vers =~ \"^5\\.4\" && version_is_less( version:vers, test_version:\"5.4.1\" ) ) {\n fix = \"5.4.1\";\n}\n\nif( fix ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "title": "Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-10-22T16:36:29"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-8441"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a8f2e4fd521fd6a852c9866336a7bd5dfbaadfd67cfba35dc5f01eea046bfc7c", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "720f11a2340b7ff1bd2ba19c35f48781", "key": "sourceData"}, {"hash": "c5bb34af05c207ad0795b24b339835fb", "key": "modified"}, {"hash": "79166d835113732e58fb18a0502586c8", "key": "pluginID"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "1c3d8ebd065ce1fb863a09610f7dccfc", "key": "references"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "7b0f9cc7853d8d1ccbfab6c5d339de35", "key": "description"}, {"hash": "c1addba3bb376fec85563cbc66f7d0b0", "key": "href"}, {"hash": "30b8c63c738508804cbddea141b6640c", "key": "published"}, {"hash": "c6c5de465b0ffb20da8743da342d5f37", "key": "title"}, {"hash": "b76cfa10a0c219b584556c0252910fe5", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108264", "id": "OPENVAS:1361412562310108264", "lastseen": "2017-10-25T14:49:31", "modified": "2017-10-24T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310108264", "published": "2017-10-23T00:00:00", "references": ["https://www.elastic.co/community/security"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_elasticsearch_kibana_xpack_CVE-2017-8441_lin.nasl 7543 2017-10-24 11:02:02Z cfischer $\n#\n# Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:elasticsearch:x-pack\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108264\");\n script_version(\"$Revision: 7543 $\");\n script_cve_id(\"CVE-2017-8441\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:02:02 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-23 10:54:29 +0200 (Mon, 23 Oct 2017)\");\n script_name(\"Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_elasticsearch_kibana_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Elasticsearch/Kibana/X-Pack/Installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 5601);\n\n script_xref(name:\"URL\", value:\"https://www.elastic.co/community/security\");\n\n script_tag(name:\"summary\", value:\"This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help of the Detection-NVT and check\n if the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The Flaw is due to not always correctly apply Document Level Security to\n index aliases.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an user with restricted permissions to\n view data they should not have access to when performing certain operations against an index alias.\");\n\n script_tag(name:\"affected\", value:\"Elasticsearch Kibana X-Pack versions prior to 5.3.3 and 5.4.x prior to 5.4.1.\");\n\n script_tag(name:\"solution\", value:\"Update to Elasticsearch Kibana X-Pack version 5.3.3, 5.4.1 or later.\n\n For updates refer to https://www.elastic.co\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.3.3\" ) ) {\n fix = \"5.3.3\";\n}\n\nif( vers =~ \"^5\\.4\" && version_is_less( version:vers, test_version:\"5.4.1\" ) ) {\n fix = \"5.4.1\";\n}\n\nif( fix ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "title": "Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-25T14:49:31"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "b76cfa10a0c219b584556c0252910fe5"}, {"key": "cvss", "hash": "e258b79b31d39a327c9dafeb61b7a729"}, {"key": "description", "hash": "7b0f9cc7853d8d1ccbfab6c5d339de35"}, {"key": "href", "hash": "c1addba3bb376fec85563cbc66f7d0b0"}, {"key": "modified", "hash": "60a89824e288edb13ed6986cb8fe3624"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "79166d835113732e58fb18a0502586c8"}, {"key": "published", "hash": "30b8c63c738508804cbddea141b6640c"}, {"key": "references", "hash": "1c3d8ebd065ce1fb863a09610f7dccfc"}, {"key": "reporter", "hash": "a2323bbbec1269474bb5afba0147298f"}, {"key": "sourceData", "hash": "ab6f16312cb5de475b4b72095e66f91f"}, {"key": "title", "hash": "c6c5de465b0ffb20da8743da342d5f37"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "f29ce8991f508d9192413f804bfa535f5e6d66f22f6d45829509962f5aa8ac3e", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-8441"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108263"]}, {"type": "nessus", "idList": ["ELASTICSEARCH_ESA_2017_09.NASL"]}], "modified": "2019-05-29T18:34:55"}, "score": {"value": 5.5, "vector": "NONE", "modified": "2019-05-29T18:34:55"}, "vulnersScore": 5.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_elasticsearch_kibana_xpack_CVE-2017-8441_lin.nasl 11983 2018-10-19 10:04:45Z mmartin $\n#\n# Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:elasticsearch:x-pack\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108264\");\n script_version(\"$Revision: 11983 $\");\n script_cve_id(\"CVE-2017-8441\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 12:04:45 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-23 10:54:29 +0200 (Mon, 23 Oct 2017)\");\n script_name(\"Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Linux)\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_elasticsearch_kibana_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Elasticsearch/Kibana/X-Pack/Installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 5601);\n\n script_xref(name:\"URL\", value:\"https://www.elastic.co/community/security\");\n\n script_tag(name:\"summary\", value:\"This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Flaw is due to not always correctly apply Document Level Security to\n index aliases.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an user with restricted permissions to\n view data they should not have access to when performing certain operations against an index alias.\");\n\n script_tag(name:\"affected\", value:\"Elasticsearch Kibana X-Pack versions prior to 5.3.3 and 5.4.x prior to 5.4.1.\");\n\n script_tag(name:\"solution\", value:\"Update to Elasticsearch Kibana X-Pack version 5.3.3, 5.4.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.3.3\" ) ) {\n fix = \"5.3.3\";\n}\n\nif( vers =~ \"^5\\.4\" && version_is_less( version:vers, test_version:\"5.4.1\" ) ) {\n fix = \"5.4.1\";\n}\n\nif( fix ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "naslFamily": "Web application abuses", "pluginID": "1361412562310108264", "scheme": null}

{"cve": [{"lastseen": "2019-10-10T12:22:22", "bulletinFamily": "NVD", "description": "Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.", "modified": "2019-10-09T23:30:00", "id": "CVE-2017-8441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8441", "published": "2017-06-05T14:29:00", "title": "CVE-2017-8441", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:34:55", "bulletinFamily": "scanner", "description": "This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.", "modified": "2018-10-19T00:00:00", "published": "2017-10-23T00:00:00", "id": "OPENVAS:1361412562310108263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108263", "title": "Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_elasticsearch_kibana_xpack_CVE-2017-8441_win.nasl 11983 2018-10-19 10:04:45Z mmartin $\n#\n# Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:elasticsearch:x-pack\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108263\");\n script_version(\"$Revision: 11983 $\");\n script_cve_id(\"CVE-2017-8441\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 12:04:45 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-23 10:54:29 +0200 (Mon, 23 Oct 2017)\");\n script_name(\"Elasticsearch Kibana X-Pack 'CVE-2017-8441' Insufficient Access Restriction Vulnerability (Windows)\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_elasticsearch_kibana_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Elasticsearch/Kibana/X-Pack/Installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 5601);\n\n script_xref(name:\"URL\", value:\"https://www.elastic.co/community/security\");\n\n script_tag(name:\"summary\", value:\"This host is running Elasticsearch Kibana with X-Pack and is prone to an\n insufficient access restriction vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Flaw is due to not always correctly apply Document Level Security to\n index aliases.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an user with restricted permissions to\n view data they should not have access to when performing certain operations against an index alias.\");\n\n script_tag(name:\"affected\", value:\"Elasticsearch Kibana X-Pack versions prior to 5.3.3 and 5.4.x prior to 5.4.1.\");\n\n script_tag(name:\"solution\", value:\"Update to Elasticsearch Kibana X-Pack version 5.3.3, 5.4.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"5.3.3\" ) ) {\n fix = \"5.3.3\";\n}\n\nif( vers =~ \"^5\\.4\" && version_is_less( version:vers, test_version:\"5.4.1\" ) ) {\n fix = \"5.4.1\";\n}\n\nif( fix ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2019-11-05T10:30:25", "bulletinFamily": "scanner", "description": "X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always\ncorrectly apply Document Level Security to index aliases. This bug\ncould allow a user with restricted permissions to view data they\nshould not have access to when performing certain operations against\nan index alias.", "modified": "2019-11-02T00:00:00", "id": "ELASTICSEARCH_ESA_2017_09.NASL", "href": "https://www.tenable.com/plugins/nessus/112039", "published": "2018-08-22T00:00:00", "title": "Elasticsearch ESA-2017-09", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112039);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2017-8441\");\n\n script_name(english:\"Elasticsearch ESA-2017-09\");\n script_summary(english:\"Checks the version of Elasticsearch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a Java application that is affected by an \nunauthorised information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always\ncorrectly apply Document Level Security to index aliases. This bug\ncould allow a user with restricted permissions to view data they\nshould not have access to when performing certain operations against\nan index alias.\");\n # https://www.elastic.co/guide/en/elasticsearch/reference/5.4/shard-request-cache.html#_enabling_and_disabling_caching\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55986a44\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.elastic.co/community/security\");\n script_set_attribute(attribute:\"solution\", value:\n\"All users of X-Pack security should upgrade to version 5.3.3 or 5.4.1.\nIf you cannot upgrade disabling the request cache on an index will\nmitigate this bug.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8441\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:elastic:x-pack\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"elasticsearch_detect.nbin\");\n script_require_keys(\"installed_sw/Elasticsearch\");\n script_require_ports(\"Services/www\", 9200);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\napp = \"Elasticsearch\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:9200);\n\napp_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);\n\nif (empty_or_null(app_info[\"Plugins/X-Pack/security\"]))\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, app_info['path'], \"X-Pack Security plugin\");\n\nconstraints = [\n { \"fixed_version\" : \"5.3.3\" },\n { \"min_version\" : \"5.4.0\", \"fixed_version\" : \"5.4.1\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}]}