HomePentest-Tools.com Logo

Elastic Kibana X-Pack CVE-2017-8442 Information Disclosure Vulnerability - Windows

Severity
CVSSv3 Score
6.5
Vulnerability description

Elastic Kibana with X-Pack is prone to an information disclosure vulnerability.

Risk description

The Flaw is due to the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. Successful exploitation could allow an authenticated Elasticsearch user to improperly view these details.

Recommendation

Update to version 5.4.4 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 7, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available