Lucene search
K
ElasticX-pack

9 matches found

CVE
CVE
added 2017/08/18 8:0 p.m.75 views

CVE-2017-8445

CVE-2017-8445 affects Elasticsearch X-Pack Security TLS trust manager in versions 5.0.0–5.5.1. If trust material reload fails, the trust manager can be replaced with an instance that trusts all certificates, potentially allowing any node using any certificate to join a cluster. The authenticated ...

5.5CVSS5.3AI score0.0016EPSS
CVE
CVE
added 2018/03/30 8:0 p.m.66 views

CVE-2018-3822

Elastic X-Pack Security (part of Elasticsearch) versions 6.2.0–6.2.2 are affected by CVE-2018-3822 due to improper XML canonicalization and DOM traversal in the SAML implementation, enabling a user impersonation attack if the SAML IdP allows self-registration with arbitrary identifiers and an att...

9.8CVSS9.5AI score0.01598EPSS
CVE
CVE
added 2017/06/05 2:0 p.m.65 views

CVE-2017-8438

Elastic X-Pack Security (Elasticsearch X-Pack Security) versions 5.0.0–5.4.0 contain a privilege escalation vulnerability in the run_as functionality. The bug prevents transitioning to the specified user in a run_as request, and can misbehave if a role template includes the _user properties or if...

8.8CVSS8.7AI score0.01025EPSS
CVE
CVE
added 2017/06/16 9:0 p.m.63 views

CVE-2017-8450

CVE-2017-8450 concerns Elastic Stack: Elastic Kibana X-Pack 5.1.1. The issue is an information-disclosure vulnerability where document and field level security were not properly enforced for multi-search and multi-get requests, potentially allowing users without access to certain documents/fields...

7.5CVSS7.6AI score0.00862EPSS
CVE
CVE
added 2017/06/16 9:0 p.m.62 views

CVE-2017-8449

CVE-2017-8449 affects Elastic X-Pack Security 5.2.x (Elasticsearch/Kibana). When field-level security rules for the same index are merged with a mix of grant and exclude rules, a user could see more fields than permitted. This has been documented by SUSE and OpenVAS plugins, with CVSS base scores...

5.9CVSS5.7AI score0.00834EPSS
CVE
CVE
added 2017/09/28 7:0 p.m.61 views

CVE-2017-8447

Summary: CVE-2017-8447 affects Elastic Stack’s X-Pack Security. A bug in the privilege enforcement (versions 5.3.0–5.5.2) can let a user with either ‘delete’ or ‘index’ permissions issue both delete and index requests against the same index. This could enable unintended modification/permission re...

6.5CVSS6.3AI score0.00612EPSS
CVE
CVE
added 2017/06/05 2:0 p.m.58 views

CVE-2017-8441

The CVE-2017-8441 issue affects Elastic X-Pack Security: versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This could allow a user with restricted permissions to view data they should not access when performing certain operations against an...

4.3CVSS4.4AI score0.00733EPSS
CVE
CVE
added 2017/07/07 8:0 p.m.57 views

CVE-2017-8442

CVE-2017-8442 affects Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3. When enabled, the Elasticsearch _nodes API can leak sensitive configuration information, including paths and passphrases of SSL keys used by an authentication realm, potentially exposing credentials to an authenticated u...

6.5CVSS6.4AI score0.00924EPSS
CVE
CVE
added 2017/09/28 7:0 p.m.53 views

CVE-2017-8448

CVE-2017-8448 affects Elastic X-Pack alerting in Elastic Stack versions 5.0.0–5.6.0, where the permission model allowed users mapped to certain built-in roles to create a watch that elevated their privileges. The issue stems from a privilege escalation vulnerability in the X-Pack alerting permiss...

8.8CVSS8.5AI score0.00844EPSS