CVE-2017-8445

Name of the Vulnerable Software and Affected Versions Elasticsearch X-Pack versions 5.0.0 through 5.5.1

Description An error in the X-Pack Security TLS trust manager could allow any node using any certificate to join a cluster if reloading the trust material fails. The trust manager will be replaced with an instance that trusts all certificates, instead of denying all certificates as expected.

Recommendations For versions 5.0.0 through 5.5.1, as a temporary workaround, consider restricting cluster join operations to prevent unauthorized nodes from joining until a proper fix is applied.