Elastic X-Pack Security vulnerabilities

3 known vulnerabilities affecting elastic/x-pack_security.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2018-3822 | CRITICAL | CVSS 9.8 | Versions 6.2.0, 6.2.1, and 6.2.2 | 2018-03-30
CVE-2018-3822 [CRITICAL] CWE-287: X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account which an
Sources: cvelistv5, nvd

CVE-2017-8438 | HIGH | CVSS 8.8 | Versions 5.0.0 to 5.4.0 | 2017-06-05
CVE-2017-8438 [HIGH] CWE-284: Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user sp
Sources: cvelistv5, nvd

CVE-2017-8441 | MEDIUM | CVSS 4.3 | Versions prior to 5.4.1 and 5.3.3 | 2017-06-05
CVE-2017-8441 [MEDIUM] CWE-279: Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.
Sources: cvelistv5, nvd