CVE-2017-8445 — MEDIUM (5.5)

Q: How severe is CVE-2017-8445?

CVE-2017-8445 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-8445?

Check the references section above for vendor advisories and patch information. Affected products include: Elastic X-Pack.

Vulnerability Description

An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Elastic	X-Pack	>= 5.0.0, <= 5.5.1

Related Weaknesses (CWE)

CWE-295

References

https://www.elastic.co/community/securityVendor Advisory
https://www.elastic.co/community/securityVendor Advisory

FAQ

What is CVE-2017-8445?

CVE-2017-8445 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certi...

How severe is CVE-2017-8445?

CVE-2017-8445 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8445?

Check the references section above for vendor advisories and patch information. Affected products include: Elastic X-Pack.