CVE-2017-8447

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Elastic X-pack Security
Vendor: CVE Published:; 29 September 2017

Summary

An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.

Affected Version(s)

Elastic X-Pack Security 5.3.0 to 5.5.2

References

https://discuss.elastic.co/t/x-pack-security-5-6-0-and-5-...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2017
Vulnerability Reserved
May 2, 2017