CVE-2018-3824

CVE-2018-3824

Vendor Elastic
Product Elasticsearch X-Pack Machine Learning
Weakness CWE-79 · XSS
Published September 19, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.

Key dates

02Disclosure timeline

September 19, 2018 CVE published
August 5, 2024 Record updated