Elastic Elastic X-pack Security
6 CVEs affecting Elastic Elastic X-pack Security. Latest disclosed: 2017-09-29. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-8450 | High | 7.5 | 2017-06-16 | X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field… |
CVE-2017-8447 | Medium | 6.5 | 2017-09-29 | An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster… |
CVE-2016-10364 | Medium | 6.5 | 2017-06-16 | With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authentica… |
CVE-2017-8451 | Medium | 6.1 | 2017-06-16 | With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that re… |
CVE-2017-8449 | Medium | 5.9 | 2017-06-16 | X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules… |
CVE-2017-8445 | Medium | 5.5 | 2017-08-18 | An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replac… |