← Back to CVE List

CVE-2017-8438

Published: 2017-06-05T14:29Z
Last Modified: 2024-11-21T03:34Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user specified does not exist, the transition will not happen. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt