Medium Nessus Plugin ID 112037
SynopsisThe remote web server hosts a Java application that is affected by an
unauthorised information disclosure vulnerability.
DescriptionWhen merging multiple rules with field level security rules for the
same index, X-Pack Security 5.2.x would allow access to more fields
than the user should have seen if the field level security rules used
a mix of grant and exclude rules.
SolutionUpdate X-Pack Security to version 5.3.0.