CVE-2017-8442

MEDIUM

Elasticsearch X-Pack Security <5.4.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.elastic.co/community/security

Scores

CVSS v3 6.5
EPSS 0.0043
EPSS Percentile 62.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-402
Status published
Products (2)
Elastic/Elasticsearch X-Pack Security 5.0.0 to 5.4.3
elastic/x-pack 5.0.0 - 5.4.3
Published Jul 07, 2017
Tracked Since Feb 18, 2026