CVE-2017-8450
16.06.2017, 21:29
X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information.Enginsight
| Vendor | Product | Version |
|---|---|---|
| elastic | x-pack | 5.1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.