5 matches found
Elasticsearch ESA-2017-18
An error was found in the X-Pack Security privilege enforcement. If a user has either delete or index permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. C Tenable Network Security, Inc. include"compat.inc"; if description...
Elastic Kibana X-Pack 'CVE-2017-8447' Insufficient Access Restriction Vulnerability - Linux
Elastic Kibana with X-Pack is prone to an insufficient access restriction vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Elastic Kibana X-Pack 'CVE-2017-8447' Insufficient Access Restriction Vulnerability - Windows
Elastic Kibana with X-Pack is prone to an insufficient access restriction vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-8447
Summary: CVE-2017-8447 affects Elastic Stack’s X-Pack Security. A bug in the privilege enforcement (versions 5.3.0–5.5.2) can let a user with either ‘delete’ or ‘index’ permissions issue both delete and index requests against the same index. This could enable unintended modification/permission re...
X-Pack Security 5.6.0 and 5.5.3 security update
X-Pack Security permission issue ESA-2017-18 An error was found in the X-Pack Security privilege enforcement. If a user has either ‘delete’ or ‘index’ permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. Previously if a user had bulk...