CVE-2018-3824 - OpenCVE

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Elastic	Elasticsearch X-pack Kibana X-pack Logstash X-pack

Configuration 1 [-]

OR	cpe:2.3:a:elastic:elasticsearch_x-pack::::::::
	cpe:2.3:a:elastic:elasticsearch_x-pack::::::::

Configuration 2 [-]

OR	cpe:2.3:a:elastic:kibana_x-pack::::::::
	cpe:2.3:a:elastic:kibana_x-pack::::::::

Configuration 3 [-]

OR	cpe:2.3:a:elastic:logstash_x-pack::::::::
	cpe:2.3:a:elastic:logstash_x-pack::::::::

No data.

References

Link	Providers
https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422
https://www.elastic.co/community/security

History

No history.

MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2018-09-19T19:00:00

Updated: 2024-08-05T04:57:24.004Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-3824

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-19T19:29:00.360

Modified: 2019-10-09T23:40:40.093

Link: CVE-2018-3824

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Elasticsearch X-Pack Machine Learning", "vendor": "Elastic", "versions": [{"status": "affected", "version": "before 6.2.4 and 5.6.9"}]}], "datePublic": "2018-04-17T00:00:00", "descriptions": [{"lang": "en", "value": "X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-19T18:57:01", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.elastic.co/community/security"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@elastic.co", "ID": "CVE-2018-3824", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Elasticsearch X-Pack Machine Learning", "version": {"version_data": [{"version_value": "before 6.2.4 and 5.6.9"}]}}]}, "vendor_name": "Elastic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422", "refsource": "CONFIRM", "url": "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422"}, {"name": "https://www.elastic.co/community/security", "refsource": "CONFIRM", "url": "https://www.elastic.co/community/security"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:57:24.004Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.elastic.co/community/security"}]}]}, "cveMetadata": {"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2018-3824", "datePublished": "2018-09-19T19:00:00", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T04:57:24.004Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch_x-pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "765371CE-418D-405B-B8BB-7A6B231ACE0D", "versionEndExcluding": "5.6.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:elasticsearch_x-pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "3781883E-1556-4EB3-BC4C-75E8D959FAE2", "versionEndExcluding": "6.2.4", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:kibana_x-pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "68F6A465-378B-47E3-919E-F19BBE6FCC67", "versionEndExcluding": "5.6.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:kibana_x-pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA1EF901-E809-4316-8DDC-0933F7BB7380", "versionEndExcluding": "6.2.4", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:logstash_x-pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "686EB0E4-3A48-426D-B9F8-6CAF3B80063F", "versionEndExcluding": "5.6.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:logstash_x-pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6E59045-C7A7-4014-9830-D8CF2192EB35", "versionEndExcluding": "6.2.4", "versionStartIncluding": "6.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user."}, {"lang": "es", "value": "X-Pack Machine Learning en versiones anteriores a la 6.2.4 y 5.6.9 ten\u00eda una vulnerabilidad Cross-Site Scripting (XSS). Si un atacante es capaz de inyectar datos en un \u00edndice que tiene un trabajo ML ejecut\u00e1ndose contra \u00e9l, entonces cuando otro usuario visualice los resultados del trabajo ML, podr\u00eda permitir que el atacante obtenga informaci\u00f3n sensible o realice acciones destructivas en nombre de otros usuarios de ML que visualicen los resultados de los trabajos."}], "id": "CVE-2018-3824", "lastModified": "2019-10-09T23:40:40.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-19T19:29:00.360", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "bressers@elastic.co", "type": "Secondary"}]}