The host is installed with Elasticsearch 6.2.0 before 6.2.3 and is prone to a path traversal vulnerability. A flaw is present in the application, which allows attackers to make use of the SAML Identity Provider to impersonate a legitimate user. On successful exploitation, an attacker might be able to register an account with an identifier that shares a suffix with a legitimate account.