Path traversal vulnerability in Elasticsearch via incorrect XML canonicalization - CVE-2018-3822 (rpm)
ID: oval:org.secpod.oval:def:48180 | Date: (C)2018-10-24 (M)2023-03-29 |
Class: VULNERABILITY | Family: unix |
The host has Elasticsearch 6.2.0 before 6.2.3 installed and is prone to a path traversal vulnerability. A flaw in the application allows attackers to use the SAML Identity Provider to impersonate a legitimate user. On successful exploitation, an attacker might be able to register an account with an identifier that shares a suffix with a legitimate account.