FKIE_CVE-2018-3824

Vulnerability from fkie_nvd - Published: 2018-09-19 19:29 - Updated: 2024-11-21 04:06
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.
References
security@elastic.cohttps://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422Vendor Advisory
security@elastic.cohttps://www.elastic.co/community/securityVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.elastic.co/community/securityVendor Advisory
Impacted products
Vendor Product Version
elastic elasticsearch_x-pack *
elastic elasticsearch_x-pack *
elastic kibana_x-pack *
elastic kibana_x-pack *
elastic logstash_x-pack *
elastic logstash_x-pack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elastic:elasticsearch_x-pack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "765371CE-418D-405B-B8BB-7A6B231ACE0D",
              "versionEndExcluding": "5.6.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:elasticsearch_x-pack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3781883E-1556-4EB3-BC4C-75E8D959FAE2",
              "versionEndExcluding": "6.2.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elastic:kibana_x-pack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68F6A465-378B-47E3-919E-F19BBE6FCC67",
              "versionEndExcluding": "5.6.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:kibana_x-pack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1EF901-E809-4316-8DDC-0933F7BB7380",
              "versionEndExcluding": "6.2.4",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:elastic:logstash_x-pack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "686EB0E4-3A48-426D-B9F8-6CAF3B80063F",
              "versionEndExcluding": "5.6.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:elastic:logstash_x-pack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E59045-C7A7-4014-9830-D8CF2192EB35",
              "versionEndExcluding": "6.2.4",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user."
    },
    {
      "lang": "es",
      "value": "X-Pack Machine Learning en versiones anteriores a la 6.2.4 y 5.6.9 ten\u00eda una vulnerabilidad Cross-Site Scripting (XSS). Si un atacante es capaz de inyectar datos en un \u00edndice que tiene un trabajo ML ejecut\u00e1ndose contra \u00e9l, entonces cuando otro usuario visualice los resultados del trabajo ML, podr\u00eda permitir que el atacante obtenga informaci\u00f3n sensible o realice acciones destructivas en nombre de otros usuarios de ML que visualicen los resultados de los trabajos."
    }
  ],
  "id": "CVE-2018-3824",
  "lastModified": "2024-11-21T04:06:06.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-19T19:29:00.360",
  "references": [
    {
      "source": "security@elastic.co",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422"
    },
    {
      "source": "security@elastic.co",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elastic.co/community/security"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elastic.co/community/security"
    }
  ],
  "sourceIdentifier": "security@elastic.co",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@elastic.co",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.