Code injection

2017-09-2901:34:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.7%

JSON

An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either ‘delete’ or ‘index’ permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.

CPENameOperatorVersion
x-packeq5.3.2
x-packeq5.3.3
x-packeq5.3.1
x-packeq5.4.0
x-packeq5.3.0
x-packeq5.5.0
x-packeq5.5.2

Name	Operator	Version
x-pack	eq	5.3.2
x-pack	eq	5.3.3
x-pack	eq	5.3.1
x-pack	eq	5.4.0
x-pack	eq	5.3.0
x-pack	eq	5.5.0
x-pack	eq	5.5.2

References

discuss.elastic.co/t/x-pack-security-5-6-0-and-5-5-3-security-update/100089