CVE-2017-8449
16.06.2017, 21:29
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.Enginsight
| Vendor | Product | Version |
|---|---|---|
| elastic | x-pack | 5.2.0 ≤ 𝑥 ≤ 5.2.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.