PT-2017-18338 · Elastic · X-Pack+1
Published: 2017-08-18 · Updated: 2022-05-13 · CVE-2017-8446
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
X-Pack versions prior to 5.5.2
X-Pack standalone Reporting plugin versions prior to 2.4.6
Description
The issue allows a user with the reporting user role to execute a report with the permissions of another reporting user, potentially gaining access to sensitive data.
Recommendations
For X-Pack versions prior to 5.5.2, update to version 5.5.2 or later.
For X-Pack standalone Reporting plugin versions prior to 2.4.6, update to version 2.4.6 or later.
Fix
Insufficiently Protected Credentials
Improper Privilege Management
Related Identifiers
Affected Products
X-Pack
X-Pack Standalone Reporting Plugin