Elastic X-pack Security
3 CVEs affecting Elastic X-pack Security. Latest disclosed: 2018-03-30. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-8438 | High | 8.8 | 2017-06-05 | Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specif… |
CVE-2017-8441 | Medium | 4.3 | 2017-06-05 | Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user… |
CVE-2018-3822 | | 2018-03-30 | X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacke… |