CVE-2017-8449

MEDIUM

Elastic X-pack < 5.2.2 - Information Disclosure

Title source: rule

Description

X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.

References (1)

[Vendor Advisory] https://www.elastic.co/community/security

Scores

CVSS v3 5.9

EPSS 0.0026

EPSS Percentile 49.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200 CWE-732

Status published

Products (2)

elastic/x-pack < 5.2.2

Elastic/Elastic X-Pack Security < before 5.3.0

Published Jun 16, 2017

Tracked Since Feb 18, 2026