A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
CPE | Name | Operator | Version |
---|---|---|---|
elasticsearch | eq | 7.17.0 | |
elasticsearch | eq | 7.16.0 | |
elasticsearch | eq | 7.16.1 |