Vulnerabilities > Elastic > X Pack > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-29 | CVE-2017-8447 | Improper Privilege Management vulnerability in Elastic X-Pack An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. | 6.5 |
| 2017-08-18 | CVE-2017-8445 | Improper Certificate Validation vulnerability in Elastic X-Pack An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. | 5.5 |
| 2017-07-07 | CVE-2017-8442 | Information Exposure vulnerability in Elastic X-Pack Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. | 6.5 |
| 2017-06-16 | CVE-2017-8449 | Information Exposure vulnerability in Elastic X-Pack 5.2.0/5.2.1/5.2.2 X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index. | 5.9 |
| 2017-06-05 | CVE-2017-8441 | Information Exposure vulnerability in Elastic X-Pack Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. | 4.3 |