Security Flaw in X-Pack Affects Elasticsearch by Elastic
CVE-2017-8450

7.5HIGH

Key Information:

Vendor: Elastic
Status: Elastic X-pack Security
Vendor: CVE Published:; 16 June 2017

Summary

X-Pack 5.1.1 contains a vulnerability that fails to enforce proper document and field level security during multi-search and multi-get requests. This oversight can lead to unauthorized users gaining access to sensitive documents and fields, potentially exposing confidential information that should be restricted. It highlights the importance of proper security configurations to safeguard access to critical data.

Affected Version(s)

Elastic X-Pack Security 5.1.1

References

https://www.elastic.co/community/security

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2017
Vulnerability Reserved
May 2, 2017