HomePentest-Tools.com Logo

Elastic Kibana X-Pack CVE-2017-8448 Privilege Elevation Vulnerability - Windows

Severity
CVSSv3 Score
8.8
Vulnerability description

Elastic Kibana with X-Pack is prone to a privilege elevation vulnerability.

Risk description

The Flaw is due to an error in the permission model whereby users mapped to certain built-in roles could create a watch. Successful exploitation allows a user gaining elevated privileges.

Recommendation

Update to Elastic Kibana X-Pack version 5.6.1 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 29, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available