CVE-2017-8441

Published: Jun 5, 2017Modified: May 13, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.

Affected (2)

Products: Elastic: X Pack

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Elastic X Pack	From 5.3.0 to 5.3.3
Elastic X Pack	From 5.4.0 to 5.4.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Incorrect Execution-Assigned Permissions

While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

References (6)

https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952

Source: security@elastic.co

Vendor Advisory

https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-released

Source: security@elastic.co

Release NotesVendor Advisory

https://www.elastic.co/community/security

Source: security@elastic.co

Vendor Advisory

https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-released

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.elastic.co/community/security

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.