cbcvebase.
CVE-2017-8438
published 2017-06-05

CVE-2017-8438: Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the…

PriorityP344high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
1.03%
59.3th percentile
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user specified does not exist, the transition will not happen.

Affected

14 ranges
VendorProductVersion rangeFixed in
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack
elasticx-pack_security

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.