Privilege Escalation in Elastic X-Pack Security by Elastic
CVE-2017-8438

8.8HIGH

Key Information:

Vendor: Elastic
Status: X-pack Security
Vendor: CVE Published:; 5 June 2017

What is CVE-2017-8438?

Elastic X-Pack Security versions 5.0.0 through 5.4.0 are susceptible to a privilege escalation vulnerability that affects the run_as functionality. This flaw disrupts the ability to transition to a user specified in a run_as request, especially when a role is created using a template with _user properties. If a specified run_as user does not exist, the intended transition fails, potentially allowing unauthorized access.