CVE-2017-8446: Improper Privilege Management

August 18, 2017 (updated October 9, 2019)

The Reporting feature in X-Pack has an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data.

References

nvd.nist.gov/vuln/detail/CVE-2017-8446
www.elastic.co/community/security

Code Behaviors & Features

Detect and mitigate CVE-2017-8446 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →