cpe:/a:elastic:x-pack:5.0.0 cpe:/a:elastic:x-pack:5.0.1 cpe:/a:elastic:x-pack:5.0.2 cpe:/a:elastic:x-pack:5.1.1 cpe:/a:elastic:x-pack:5.2.0 cpe:/a:elastic:x-pack:5.2.1 cpe:/a:elastic:x-pack:5.2.2 cpe:/a:elastic:x-pack:5.3.0 cpe:/a:elastic:x-pack:5.3.1 cpe:/a:elastic:x-pack:5.3.2 cpe:/a:elastic:x-pack:5.3.3 cpe:/a:elastic:x-pack:5.4.0 cpe:/a:elastic:x-pack:5.5.0 cpe:/a:elastic:x-pack:5.5.2 cpe:/a:elastic:x-pack:5.6.0 CVE-2017-8448 2017-09-28T21:34:50.607-04:00 2019-10-09T19:30:15.000-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov MISC https://discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884 An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.