Vulnerability Details CVE-2017-8441
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.0%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952
- https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-released
- https://www.elastic.co/community/security
- https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952
- https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-released
- https://www.elastic.co/community/security