Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic x-pack 5.3.1 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2017-8447
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
Elastic X-pack 5.5.2
Elastic X-pack 5.3.1
Elastic X-pack 5.3.2
Elastic X-pack 5.3.3
Elastic X-pack 5.4.0
Elastic X-pack 5.5.0
Elastic X-pack 5.3.0
8.8
CVSSv3
CVE-2017-8438
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, t...
Elastic X-pack 5.4.0
Elastic X-pack 5.2.0
Elastic X-pack 5.1.0
Elastic X-pack 5.3.2
Elastic X-pack 5.3.1
Elastic X-pack 5.3.0
Elastic X-pack 5.2.2
Elastic X-pack 5.2.1
Elastic X-pack 5.0.1
Elastic X-pack 5.0.0
Elastic X-pack 5.3.3
Elastic X-pack 5.1.1
Elastic X-pack 5.0.2
8.8
CVSSv3
CVE-2017-8448
An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.
Elastic X-pack 5.1.1
Elastic X-pack 5.0.1
Elastic X-pack 5.3.1
Elastic X-pack 5.5.2
Elastic X-pack 5.3.2
Elastic X-pack 5.3.3
Elastic X-pack 5.4.0
Elastic X-pack 5.5.0
Elastic X-pack 5.6.0
Elastic X-pack 5.2.2
Elastic X-pack 5.2.1
Elastic X-pack 5.2.0
Elastic X-pack 5.0.2
Elastic X-pack 5.0.0
Elastic X-pack 5.3.0
6.1
CVSSv3
CVE-2017-8451
With X-Pack installed, Kibana versions prior to 5.3.1 have an open redirect vulnerability on the login page that would enable an malicious user to craft a link that redirects to an arbitrary website.
Elastic Kibana
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started