Vulnerabilities
Vulnerable Software
Elastic:  >> X-Pack  >> 5.5.0  Security Vulnerabilities
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-09-29
An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-09-29
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates.
CVSS Score
5.5
EPSS Score
0.0
Published
2017-08-18


Contact Us

Shodan ® - All rights reserved