QwikSec

Security Database

CVE

CWE

Training

CVE-2018-3824

Published: Sep 19, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.

Vendor	Product	Versions
Elastic	Elasticsearch X-Pack Machine Learning	affected `before 6.2.4 and 5.6.9`

Weaknesses (CWE)

References

https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422

x_refsource_CONFIRM

https://www.elastic.co/community/security

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.