X-Pack Machine Learning versions prior to 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the malicious user to obtain sensitive information from or perform destructive actions on behalf of that other ML user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
elastic elasticsearch x-pack |
||
elastic kibana x-pack |
||
elastic logstash x-pack |