CVE-2017-8447
29.09.2017, 01:34
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
Vulnerable software versions:

| Vendor | Product | Version |
|---|---|---|
| elastic | x-pack | 5.3.0 |
| elastic | x-pack | 5.3.1 |
| elastic | x-pack | 5.3.2 |
| elastic | x-pack | 5.3.3 |
| elastic | x-pack | 5.4.0 |
| elastic | x-pack | 5.5.0 |
| elastic | x-pack | 5.5.2 |
Common Weakness Enumeration
- CWE-284 - Improper Access Control: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.