X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the malicious user to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
elastic elasticsearch x-pack |
||
elastic kibana x-pack |
||
elastic logstash x-pack |