Elasticsearch X Pack Machine Learning
Approved changes feed: RSS · Atom
cpe:2.3:a:elastic:elasticsearch_x-pack_machine_learning:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Elastic (1d0b8d2a-fd47-5b20-b005-34326f9bd037) |
|---|---|
| Product | Elasticsearch X Pack Machine Learning (2984a139-5e8a-522d-8495-380ebec26912) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-3824 |
vulnerable | 2026-06-03 14:38:50.479389 |
Details available
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.
Published: 2018-09-19T19:00:00.000Z
Updated: 2024-08-05T04:57:24.004Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-3823 |
vulnerable | 2026-06-03 14:38:50.477227 |
Details available
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.
Published: 2018-09-19T19:00:00.000Z
Updated: 2024-08-05T04:57:23.727Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.