Количество 2
Количество 2
CVE-2018-3824
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.
GHSA-mjpc-qx7h-r8c9
Elasticsearch subject to cross site scripting
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-3824 X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user. | CVSS3: 6.1 | 0% Низкий | больше 7 лет назад |
| GHSA-mjpc-qx7h-r8c9 Elasticsearch subject to cross site scripting | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу