X-Pack Security Vulnerability in Elasticsearch Affecting Multiple Versions
CVE-2017-8447
6.5MEDIUM
Summary
A vulnerability exists within X-Pack Security that affects Elasticsearch versions 5.3.0 to 5.5.2, where insufficient privilege enforcement could allow users with 'delete' or 'index' permissions to issue unauthorized delete or index requests against specific indices. This can result in unintended data modification or loss, posing a serious risk to data integrity and access control within the Elasticsearch environment.
Affected Version(s)
Elastic X-Pack Security 5.3.0 to 5.5.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved