Lucene search
ElasticCVELIST:CVE-2018-17247HistoryDec 20, 2018 - 10:00 p.m.
CVE-2018-17247
2018-12-2022:00:00
CWE-611
elastic
www.cve.org
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning’s find_file_structure API. If a policy allowing external network access has been added to Elasticsearch’s Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to.
CNA Affected
[
{
"product": "Elasticsearch",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "6.5.0 and 6.5.1"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2018-17247
2018-12-20 00:00:00
prion
prion
Information disclosure
2018-12-20 22:29:00
nvd
nvd
CVE-2018-17247
2018-12-20 22:29:00
github
github
Improper Restriction of XML External Entity Reference in Elasticsearch
2022-05-13 01:34:04
checkpoint_advisories
checkpoint_advisories
Elasticsearch MachineLearning XML External Entities (CVE-2018-17247)
2020-07-28 00:00:00
osv
osv
Improper Restriction of XML External Entity Reference in Elasticsearch
2022-05-13 01:34:04
CVE-2018-17247
2018-12-20 22:29:00
nessus
nessus
Elasticsearch ESA-2018-19
2019-01-18 00:00:00
openvas
openvas
cve
cve
CVE-2018-17247
2018-12-20 22:29:00