← voltar
CVE-2018-3823

CVE-2018-3823

EPSS 0.6%CWE-79
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 set 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.
Produtos afetados
Elastic · Elasticsearch X-Pack Machine Learning

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422https://www.elastic.co/community/security