HomePentest-Tools.com Logo

Elastic Kibana X-Pack CVE-2017-8446 Impersonation Vulnerability - Windows

Severity
CVSSv3 Score
5.3
Vulnerability description

Elastic Kibana with X-Pack is prone to an impersonation vulnerability.

Risk description

The Flaw is due to a user with the reporting_user role could execute a report with the permissions of another reporting user. Successful exploitation could allow access to sensitive data.

Recommendation

Update to Elastic Kibana X-Pack version 5.5.2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 18, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available