X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2018-09-19T19:00:00
Updated: 2024-08-05T04:57:23.727Z
Reserved: 2018-01-02T00:00:00
Link: CVE-2018-3823
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-09-19T19:29:00.220
Modified: 2023-03-04T01:51:18.083
Link: CVE-2018-3823
Redhat
No data.