Every CVE whose affected-product data names Elastic X-pack, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2018-3822 — CVSS 9.8 (critical): X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM…
CVE-2017-8438 — CVSS 8.8 (high): Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents…
CVE-2017-8448 — CVSS 8.8 (high): An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could…
CVE-2017-8450 — CVSS 7.5 (high): X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a…
CVE-2017-8447 — CVSS 6.5 (medium): An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an…
CVE-2017-8442 — CVSS 6.5 (medium): Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive…
CVE-2017-8449 — CVSS 5.9 (medium): X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of…
CVE-2017-8445 — CVSS 5.5 (medium): An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust…
CVE-2017-8441 — CVSS 4.3 (medium): Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug…