CVE-2018-3822 is a vulnerability in Elastic X Pack
Published on March 30, 2018
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account with an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw.
Weakness Type
What is an Authentication Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2018-3822 has been classified as an authentication vulnerability or weakness.
Products Associated with CVE-2018-3822
Affected Versions
Elastic X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are affected by CVE-2018-3822.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.