X-Pack Security Vulnerability in Elasticsearch Affecting Multiple Versions
CVE-2017-8447

6.5MEDIUM

Key Information:

Vendor
Elastic
Vendor
CVE Published:
29 September 2017

Summary

A vulnerability exists within X-Pack Security that affects Elasticsearch versions 5.3.0 to 5.5.2, where insufficient privilege enforcement could allow users with 'delete' or 'index' permissions to issue unauthorized delete or index requests against specific indices. This can result in unintended data modification or loss, posing a serious risk to data integrity and access control within the Elasticsearch environment.

Affected Version(s)

Elastic X-Pack Security 5.3.0 to 5.5.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.