X-pack@5.1.1 Security Vulnerabilities and Issues — X-pack@5.1.1 CVE List

Lucene search

ElasticX-pack5.1.1

3 matches found

CVE•added 2017/06/05 2:29 p.m.•53 views

CVE-2017-8438

Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_...

8.8CVSS8.7AI score0.00411EPSS

CVE•added 2017/06/16 9:29 p.m.•51 views

CVE-2017-8450

X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information.

7.5CVSS7.6AI score0.00249EPSS

CVE•added 2017/09/29 1:34 a.m.•43 views

CVE-2017-8448

An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.

8.8CVSS8.5AI score0.00308EPSS