CVE-2018-3823 vulnerability in Elastic Products
Published on September 19, 2018
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2018-3823 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2018-3823
Want to know whenever a new CVE is published for Elastic products? stack.watch will email you.
Affected Versions
Elasticsearch X-Pack Machine Learning Version before 6.2.4 and 5.6.9 is affected by CVE-2018-3823Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.