Medium Nessus Plugin ID 112042
SynopsisThe remote web server hosts a Java application that is affected by
DescriptionAn error was found in the X-Pack Security privilege enforcement. If a
user has either delete or index permissions on an index in a
cluster, they may be able to issue both delete and index requests
against that index.
SolutionX-Pack Security users should upgrade to version 5.6.0 or 5.5.3. If you
cannot upgrade immediately you can workaround this issue by removing
the delete and index permission from untrusted users.