Vulnerability Description
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elastic | X-Pack | >= 5.3.0, < 5.3.3 |
Related Weaknesses (CWE)
References
- https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/8795Vendor Advisory
- https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-releasedRelease NotesVendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
- https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/8795Vendor Advisory
- https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-releasedRelease NotesVendor Advisory
- https://www.elastic.co/community/securityVendor Advisory
FAQ
What is CVE-2017-8441?
CVE-2017-8441 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data ...
How severe is CVE-2017-8441?
CVE-2017-8441 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8441?
Check the references section above for vendor advisories and patch information. Affected products include: Elastic X-Pack.