CVE-2017-8441

Summary

Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.

Affected Software

VendorProductVersion RangeStatus
ElasticX-Pack Securityprior to 5.4.1 and 5.3.3affected

Weaknesses

  • CWE-279: CWE-279: Incorrect Execution-Assigned Permissions

ADP Enrichment

CVE Program Container

Additional References

References