CVE-2017-8449

Summary

X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.

Affected Software

VendorProductVersion RangeStatus
ElasticElastic X-Pack Securitybefore 5.3.0affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

References