Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self-registration with arbitrary identifiers and the attacker can register an account with an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw.
CVSS Information
N/A
Vulnerability Type
Improper Authentication
Vulnerability Title
Elasticsearch X-Pack Security Path Traversal Vulnerability
Vulnerability Description
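Elasticsearch X-Pack is an extension for the Elastic Stack (a log analysis system) from Elasticsearch, a company based in the Netherlands. Security is one of its security components. A path traversal vulnerability exists in Elasticsearch X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2. A remote attacker could exploit this vulnerability to impersonate a legitimate user.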
CVSS Information
N/A
Vulnerability Type
N/A