CVE-2017-8442 is a vulnerability in Elasticsearch
Published on July 7, 2017
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.
Weakness Type
What is a Resource Leak Vulnerability?
The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.
CVE-2017-8442 has been classified to as a Resource Leak vulnerability or weakness.
Products Associated with CVE-2017-8442
Want to know whenever a new CVE is published for Elasticsearch? stack.watch will email you.
Affected Versions
Elasticsearch X-Pack Security Version 5.0.0 to 5.4.3 is affected by CVE-2017-8442Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.