Описание
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:elastic:x-pack:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:x-pack:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:x-pack:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:x-pack:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:x-pack:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:x-pack:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:x-pack:5.5.2:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00111
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-284
CWE-269
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
EPSS
Процентиль: 30%
0.00111
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-284
CWE-269