CVE-2018-3823

CVE-2018-3823

Vendor Elastic
Product Elasticsearch X-Pack Machine Learning
Weakness CWE-79 · XSS
Published September 19, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.

Key dates

02Disclosure timeline

September 19, 2018 CVE published
August 5, 2024 Record updated