CVE Vulnerabilities

CVE-2017-8442

Transmission of Private Resources into a New Sphere ('Resource Leak')

Published: Jul 07, 2017 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.

Weakness

The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.

Affected Software

Name Vendor Start Version End Version
X-pack Elastic 5.0.0 (including) 5.4.3 (including)

References