Design/Logic Flaw

2017-06-0514:29:00

PRIOn knowledge base

www.prio-n.com

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.9%

JSON

Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.

CPENameOperatorVersion
x-packge5.3.0
x-packlt5.3.3
x-packge5.4.0
x-packlt5.4.1

Name	Operator	Version
x-pack	ge	5.3.0
x-pack	lt	5.3.3
x-pack	ge	5.4.0
x-pack	lt	5.4.1

References

discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952

www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-released

www.elastic.co/community/security