X-Pack Security Vulnerability in Elasticsearch Affecting Multiple Versions
CVE-2017-8447

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Elastic X-pack Security
Vendor: CVE Published:; 29 September 2017

Summary

A vulnerability exists within X-Pack Security that affects Elasticsearch versions 5.3.0 to 5.5.2, where insufficient privilege enforcement could allow users with 'delete' or 'index' permissions to issue unauthorized delete or index requests against specific indices. This can result in unintended data modification or loss, posing a serious risk to data integrity and access control within the Elasticsearch environment.

Affected Version(s)

Elastic X-Pack Security 5.3.0 to 5.5.2

References

https://discuss.elastic.co/t/x-pack-security-5-6-0-and-5-...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2017
Vulnerability Reserved
May 2, 2017