CVE-2017-8446

The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data.
References
Link Resource
https://www.elastic.co/community/security Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:elasticsearch:x-pack:*:*:*:*:*:*:*:*
cpe:2.3:a:elasticsearch:x-pack_reporting:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-08-18 20:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-8446

Mitre link : CVE-2017-8446

CVE.ORG link : CVE-2017-8446


JSON object : View

Products Affected

elasticsearch

  • x-pack_reporting
  • x-pack
CWE
CWE-269

Improper Privilege Management

CWE-522

Insufficiently Protected Credentials