HomePentest-Tools.com Logo

Elastic Kibana X-Pack CVE-2017-8438 Privilege Escalation Vulnerability - Windows

Severity
CVSSv3 Score
8.8
Vulnerability description

Elastic Kibana with X-Pack is prone to a privilege escalation vulnerability.

Risk description

The Flaw is due to a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user specified does not exist, the transition will not happen.

Recommendation

Update to Elastic Kibana X-Pack version 5.4.1 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 5, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available