CVE-2017-8442
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.
Elasticsearch X-Pack Security versiones desde 5.0.0 hasta 5.4.3, cuando está habilitada, pueden resultar en que la API _nodes de Elasticsearch filtre información confidencial de configuración, como las paths y frases de contraseña de las claves SSL que se configuraron como parte de un realm de autenticación. Esto podría permitir que un usuario autenticado de Elasticsearch visualice inapropiadamente estos detalles.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-02 CVE Reserved
- 2017-07-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.elastic.co/community/security | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Elastic Search vendor "Elastic" | X-pack Search vendor "Elastic" for product "X-pack" | >= 5.0.0 <= 5.4.3 Search vendor "Elastic" for product "X-pack" and version " >= 5.0.0 <= 5.4.3" | - |
Affected
| ||||||