X-pack Security Vulnerabilities and Issues — X-pack CVE List

Lucene search

ElasticX-pack

4 matches found

CVE•added 2017/06/05 2:29 p.m.•53 views

CVE-2017-8438

Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_...

8.8CVSS8.7AI score0.00411EPSS

CVE•added 2017/06/16 9:29 p.m.•51 views

CVE-2017-8449

X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.

5.9CVSS5.7AI score0.00262EPSS

CVE•added 2017/06/16 9:29 p.m.•51 views

CVE-2017-8450

X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information.

7.5CVSS7.6AI score0.00249EPSS

CVE•added 2017/06/05 2:29 p.m.•49 views

CVE-2017-8441

Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.

4.3CVSS4.4AI score0.00133EPSS