Medium Nessus Plugin ID 112042
SynopsisThe remote web server hosts a Java application that is affected by multiple vulnerabilities.
DescriptionAn error was found in the X-Pack Security privilege enforcement. If a user has either delete or index permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
SolutionX-Pack Security users should upgrade to version 5.6.0 or 5.5.3. If you cannot upgrade immediately you can workaround this issue by removing the delete and index permission from untrusted users.