HomePentest-Tools.com Logo

Elastic Kibana X-Pack CVE-2017-8449 Insufficient Access Restriction Vulnerability (Windows)

Severity
CVSSv3 Score
5.9
Vulnerability description

Elastic Kibana with X-Pack is prone to an insufficient access restriction vulnerability.

Risk description

The Flaw would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.

Recommendation

Update to Elastic Kibana X-Pack version 5.3.0 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 16, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available