3 matches found
com.aconex.scrutineer:scrutineer (=6.5.0), com.automattic:elasticsearch-statsd (>=6.5.0.0 <=6.5.1.0) +35 more potentially affected by CVE-2018-17247 via org.elasticsearch:elasticsearch (>=6.5.0 <=6.5.1)
org.elasticsearch:elasticsearch MAVEN version =6.5.0, =6.5.0.0, =6.5.1-32.2, =6.5.1-23.2, =6.5.1-25.5, =1.1.0, =1.1.0, =1.0, =6.5.0.0, =0.3.3, =5.4.2.1.RELEASE, =5.4.2.1.RELEASE, =5.4.2.1.RELEASE, =5.4.2.1.RELEASE, =6.5.1.7.RELEASE and more Source cves: CVE-2018-17247 Source advisory:...
Elasticsearch MachineLearning XML External Entities (CVE-2018-17247)
An XML external entities vulnerability exists in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the...
CVE-2018-17247
Elasticsearch Security 6.5.0/6.5.1 are affected by an XXE in Machine Learning’s find_file_structure API. The root cause is an XML External Entity vulnerability when a policy allowing external network access is present in the Java Security Manager, enabling a crafted request to leak local file con...