CVE-2018-3822: Improper Authentication in X-Pack Security

Severity: 9.8 CRITICAL (NVD), 7.5 (OSV)
EPSS: 0.6% (top 31.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 30; Latest update May 13

Description

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self-registration with arbitrary identifiers and the attacker can register an account with an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | elastic/x-pack_security | 6.2.0, 6.2.1, and 6.2.2
NVD | elastic/x-pack | 6.2.0, 6.2.1, 6.2.2 (+2)
Ubuntu | haxx/curl | < 7.35.0-1ubuntu2.20 (+2)

Vulnerability Details (3)

GHSA | GHSA-8x5v-8988-73v9: X-Pack Security versions 6 | 2022-05-13
OSV | curl vulnerabilities | 2019-02-06
CVEList | CVE-2018-3822: X-Pack Security versions 6 | 2018-03-30

Community (1)

Bugzilla | CVE-2018-17088 jhead: Integer overflow in gpsinfo.c while running jhead | 2018-09-17
CVE-2018-3822 — Improper Authentication in Elastic | cvebase