Description
The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of:
- cpe:2.3:a:elasticsearch:x-pack:*:*:*:*:*:*:*:* (versions up to and including 5.5.1)
- cpe:2.3:a:elasticsearch:x-pack_reporting:*:*:*:*:*:*:*:* (versions up to and including 2.4.5)
EPSS: 0.00145 (percentile: 35%), Low
CVSS3: 5.3 Medium
CVSS2: 4 Medium
Weaknesses
- CWE-522
- CWE-269