CVE-2018-3822

9.8CRITICAL

Key Information:

Vendor: Elastic
Status: X-pack Security
Vendor: CVE Published:; 30 March 2018

Summary

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account which an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw.

Affected Version(s)

X-Pack Security 6.2.0, 6.2.1, and 6.2.2

References

https://discuss.elastic.co/t/elastic-stack-6-2-3-security...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2018
Vulnerability Reserved
Jan 2, 2018