Medium severity6.1NVD Advisory· Published Sep 19, 2018· Updated Jun 17, 2026
CVE-2018-3824
CVE-2018-3824
Description
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.elasticsearch:elasticsearchMaven | < 5.6.9 | 5.6.9 |
org.elasticsearch:elasticsearchMaven | >= 6.0.0, < 6.2.4 | 6.2.4 |
Affected products
2- Range: before 6.2.4 and 5.6.9
Patches
Vulnerability mechanics
References
4- discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-mjpc-qx7h-r8c9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-3824ghsaADVISORY
- www.elastic.co/community/securitynvdVendor AdvisoryWEB
News mentions
0No linked articles in our index yet.