CVE-2017-8447
medium
CVSS v3: 6.5
CVSS v2: 5.5
VIR risk: 6.5
Description
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@elastic.co — https://discuss.elastic.co/t/x-pack-security-5-6-0-and-5-5-3-security-update/100089
References
CWEs: CWE-284, CWE-269