CVE-2017-8445
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-02 CVE Reserved
- 2017-08-18 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://www.elastic.co/community/security | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Elastic | X-pack | >= 5.0.0 <= 5.5.1 | - | Affected |