What the vulnerability does

01Description

X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.

Key dates

02Disclosure timeline

June 16, 2017 CVE published
August 5, 2024 Record updated