12 matches found
EUVD-2017-17389
Malware in sbrugna...
EUVD-2017-17392
Malware in sbrugna...
Elastic X-Pack Machine Learning Cross-Site Scripting Vulnerability
Elastic X-Pack is an extension of the Elastic Stack log analytics system from Elasticsearch in the Netherlands.X-Pack Machine Learning is one of the machine learning components. A cross-site scripting vulnerability in Elastic X-Pack Machine Learning versions prior to 6.2.4 and prior to 5.6.9 can ...
Elastic X-Pack Alerting Elevation of Privilege Vulnerability
Elastic X-Pack Alerting is an extension of Elastic Stack a log analyzing system from Dutch company Elasticsearch. A security vulnerability exists in the permission schema used in Elastic X-Pack Alerting versions 5.0.0 through 5.6.0. An attacker could exploit the vulnerability to gain elevated...
CVE-2017-8441
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias...
CVE-2017-8438
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas...
Design/Logic Flaw
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas...
CVE-2017-8438
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas...
CVE-2017-8438
Elastic X-Pack Security (Elasticsearch X-Pack Security) versions 5.0.0–5.4.0 contain a privilege escalation vulnerability in the run_as functionality. The bug prevents transitioning to the specified user in a run_as request, and can misbehave if a role template includes the _user properties or if...
CVE-2017-8441
The CVE-2017-8441 issue affects Elastic X-Pack Security: versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This could allow a user with restricted permissions to view data they should not access when performing certain operations against an...
CVE-2017-8438
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas...
CVE-2017-8441
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias...