Lucene search
+L

175 matches found

Prion
Prion
added 2018/09/19 7:29 p.m.18 views

Cross site scripting

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting XSS vulnerability. Users with manageml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructiv...

3.5CVSS5.8AI score0.00647EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2018/09/19 7:0 p.m.21 views

CVE-2018-3824

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting XSS vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive...

6.3AI score0.00866EPSS
Exploits0References2
CVE
CVE
added 2018/09/19 7:0 p.m.62 views

CVE-2018-3823

CVE-2018-3823 affects Elastic X-Pack Machine Learning in Kibana/Elasticsearch prior to versions 6.2.4 and 5.6.9. The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user-supplied input in ML job configurations; users with manage_ml permissions could embed malic...

5.4CVSS5.6AI score0.00647EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/09/19 7:0 p.m.81 views

CVE-2018-3824

CVE-2018-3824 affects Elastic X-Pack Machine Learning in Elasticsearch/Kibana prior to 6.2.4 and 5.6.9. An attacker who can inject data into an index with a running ML job can cause a cross-site scripting (XSS) payload to execute when a user views ML results, potentially exposing cookies or allow...

6.1CVSS6.1AI score0.00866EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/08/22 12:0 a.m.30 views

Elasticsearch ESA-2017-15

An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior i...

5.5CVSS5.6AI score0.0016EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/08/22 12:0 a.m.32 views

Elasticsearch ESA-2017-10

Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated...

6.5CVSS6.5AI score0.00924EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/08/22 12:0 a.m.28 views

Elasticsearch ESA-2017-19

An error was found in the permission model used by X-Pack alerting whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid112043; scriptversion"1.2";...

8.8CVSS7.8AI score0.00844EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/08/22 12:0 a.m.24 views

Elasticsearch ESA-2017-09

X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias. C Tenable Netwo...

4.3CVSS5.7AI score0.00733EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/08/22 12:0 a.m.36 views

Elasticsearch ESA-2017-06

X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas will be...

8.8CVSS7.8AI score0.01025EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/08/22 12:0 a.m.36 views

Elasticsearch ESA-2017-03

When merging multiple rules with field level security rules for the same index, X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules. C Tenable Network Security, Inc. include'compat.inc'; if...

5.9CVSS6AI score0.00834EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/08/22 12:0 a.m.31 views

Elasticsearch ESA-2017-18

An error was found in the X-Pack Security privilege enforcement. If a user has either delete or index permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. C Tenable Network Security, Inc. include"compat.inc"; if description...

6.5CVSS6.4AI score0.00612EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/08/22 12:0 a.m.44 views

Elasticsearch ESA-2018-07

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

9.8CVSS8.5AI score0.01598EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/07/04 12:0 a.m.32 views

Elastic Elasticsearch Public WAN (Internet) / Public LAN Accessible

The script checks if the target host is running an Elastic Elasticsearch service accessible from a public WAN Internet / public LAN. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7AI score
Exploits0References1
n0where
n0where
added 2018/05/31 6:56 p.m.55 views

File System Crawler: diskover

diskover is an open source file system crawler and disk space usage software that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files and system administrators are able to manage storage...

Exploits0References4
Prion
Prion
added 2018/03/30 8:29 p.m.18 views

Directory traversal

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

7.5CVSS9.4AI score0.01598EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/03/30 8:29 p.m.31 views

CVE-2018-3819

The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website...

6.1CVSS6.2AI score0.00852EPSS
Exploits0References1
NVD
NVD
added 2018/03/30 8:29 p.m.17 views

CVE-2018-3822

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

9.8CVSS9.5AI score0.01598EPSS
Exploits0References1
Prion
Prion
added 2018/03/30 8:29 p.m.22 views

Open redirect

The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website...

5.8CVSS6.2AI score0.00852EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/03/30 8:0 p.m.67 views

CVE-2018-3822

Elastic X-Pack Security (part of Elasticsearch) versions 6.2.0–6.2.2 are affected by CVE-2018-3822 due to improper XML canonicalization and DOM traversal in the SAML implementation, enabling a user impersonation attack if the SAML IdP allows self-registration with arbitrary identifiers and an att...

9.8CVSS9.5AI score0.01598EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/03/30 8:0 p.m.39 views

CVE-2018-3819

The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website...

6.2AI score0.00852EPSS
Exploits0References1
Rows per page
Query Builder