Medium severity 5.3 · NVD Advisory · Published Aug 18, 2017 · Updated Jun 17, 2026
CVE-2017-8446
Description
The Reporting feature in X-Pack versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.elasticsearch.plugin:x-pack (Maven) | < 5.5.2 | 5.5.2 |
Affected products
- cpe:2.3:a:elasticsearch:x-pack_reporting:*:*:*:*:*:*:*:* (range: <=2.4.5)
- (no CPE) (range: Before 5.5.2 and 2.4.6)
References
- github.com/advisories/GHSA-m728-qvxh-xfjq (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-8446 (ghsa; ADVISORY)
- www.elastic.co/community/security (nvd; Vendor Advisory, WEB)