← voltar
CVE-2018-3824

CVE-2018-3824

EPSS 0.9%CWE-79
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 set 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.
Produtos afetados
Elastic · Elasticsearch X-Pack Machine Learning

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422https://www.elastic.co/community/security