2 matches found
CVE-2018-3822
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...
CVE-2018-3822
Elastic X-Pack Security (part of Elasticsearch) versions 6.2.0–6.2.2 are affected by CVE-2018-3822 due to improper XML canonicalization and DOM traversal in the SAML implementation, enabling a user impersonation attack if the SAML IdP allows self-registration with arbitrary identifiers and an att...