QwikSec

Security Database

CVE

CWE

Training

CVE-2018-3823

Published: Sep 19, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.

Vendor	Product	Versions
Elastic	Elasticsearch X-Pack Machine Learning	affected `before 6.2.4 and 5.6.9`

Weaknesses (CWE)

References

https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422

x_refsource_CONFIRM

https://www.elastic.co/community/security

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.