Elastic X-pack
8 CVEs affecting Elastic X-pack. Latest disclosed: 2017-09-29. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-8448 | High | 8.8 | 2017-09-29 | An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that resu… |
| CVE-2017-8438 | High | 8.8 | 2017-06-05 | Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specif… |
| CVE-2017-8450 | High | 7.5 | 2017-06-16 | X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field… |
| CVE-2017-8447 | Medium | 6.5 | 2017-09-29 | An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster… |
| CVE-2017-8442 | Medium | 6.5 | 2017-07-07 | Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, su… |
| CVE-2017-8449 | Medium | 5.9 | 2017-06-16 | X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules… |
| CVE-2017-8445 | Medium | 5.5 | 2017-08-18 | An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replac… |
| CVE-2017-8441 | Medium | 4.3 | 2017-06-05 | Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user… |