What the vulnerability does

01Description

Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.

Key dates

02Disclosure timeline

June 5, 2017 CVE published
August 5, 2024 Record updated