PT-2017-18338 · Elastic · X-Pack+1

Publicado

2017-08-18

Atualizado

2022-05-13

CVE-2017-8446

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions X-Pack versions prior to 5.5.2 X-Pack standalone Reporting plugin versions prior to 2.4.6

Description The issue allows a user with the reporting user role to execute a report with the permissions of another reporting user, potentially gaining access to sensitive data.

Recommendations For X-Pack versions prior to 5.5.2, update to version 5.5.2 or later. For X-Pack standalone Reporting plugin versions prior to 2.4.6, update to version 2.4.6 or later.

Correção

Insufficiently Protected Credentials

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-269

Identificadores relacionados

CVE-2017-8446

GHSA-M728-QVXH-XFJQ

Produtos afetados

X-Pack

X-Pack Standalone Reporting Plugin

PT-2017-18338 · Elastic · X-Pack+1

CVE-2017-8446

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4