HomePentest-Tools.com Logo

Elastic Kibana X-Pack CVE-2017-8450 Information Disclosure Vulnerability - Windows

Severity
CVSSv3 Score
7.5
Vulnerability description

Elastic Kibana with X-Pack is prone to an information disclosure vulnerability.

Risk description

The Flaw is due to a not properly applied document and field level security to multi-search and multi-get requests. Successful exploitation allows users without access to a document and/or field able to access this information.

Recommendation

Update to Elastic Kibana X-Pack version 5.1.2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 16, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available