175 matches found
Cross site scripting
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting XSS vulnerability. Users with manageml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructiv...
CVE-2018-3824
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting XSS vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive...
CVE-2018-3823
CVE-2018-3823 affects Elastic X-Pack Machine Learning in Kibana/Elasticsearch prior to versions 6.2.4 and 5.6.9. The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user-supplied input in ML job configurations; users with manage_ml permissions could embed malic...
CVE-2018-3824
CVE-2018-3824 affects Elastic X-Pack Machine Learning in Elasticsearch/Kibana prior to 6.2.4 and 5.6.9. An attacker who can inject data into an index with a running ML job can cause a cross-site scripting (XSS) payload to execute when a user views ML results, potentially exposing cookies or allow...
Elasticsearch ESA-2017-15
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior i...
Elasticsearch ESA-2017-10
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated...
Elasticsearch ESA-2017-19
An error was found in the permission model used by X-Pack alerting whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid112043; scriptversion"1.2";...
Elasticsearch ESA-2017-09
X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias. C Tenable Netwo...
Elasticsearch ESA-2017-06
X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas will be...
Elasticsearch ESA-2017-03
When merging multiple rules with field level security rules for the same index, X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules. C Tenable Network Security, Inc. include'compat.inc'; if...
Elasticsearch ESA-2017-18
An error was found in the X-Pack Security privilege enforcement. If a user has either delete or index permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. C Tenable Network Security, Inc. include"compat.inc"; if description...
Elasticsearch ESA-2018-07
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...
Elastic Elasticsearch Public WAN (Internet) / Public LAN Accessible
The script checks if the target host is running an Elastic Elasticsearch service accessible from a public WAN Internet / public LAN. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
File System Crawler: diskover
diskover is an open source file system crawler and disk space usage software that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files and system administrators are able to manage storage...
Directory traversal
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...
CVE-2018-3819
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website...
CVE-2018-3822
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...
Open redirect
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website...
CVE-2018-3822
Elastic X-Pack Security (part of Elasticsearch) versions 6.2.0–6.2.2 are affected by CVE-2018-3822 due to improper XML canonicalization and DOM traversal in the SAML implementation, enabling a user impersonation attack if the SAML IdP allows self-registration with arbitrary identifiers and an att...
CVE-2018-3819
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website...