Security Flaw in X-Pack Affects Elasticsearch by Elastic
CVE-2017-8450

7.5HIGH

Key Information:

Vendor
Elastic
Vendor
CVE Published:
16 June 2017

Summary

X-Pack 5.1.1 contains a vulnerability that fails to enforce proper document and field level security during multi-search and multi-get requests. This oversight can lead to unauthorized users gaining access to sensitive documents and fields, potentially exposing confidential information that should be restricted. It highlights the importance of proper security configurations to safeguard access to critical data.

Affected Version(s)

Elastic X-Pack Security 5.1.1

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.