CVE-2018-17247

Name of the Vulnerable Software and Affected Versions Elasticsearch Security versions 6.5.0 and 6.5.1

Description The issue is related to an XXE flaw in Machine Learning's find file structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager, an attacker could send a specially crafted request to leak the content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to.

Recommendations For Elasticsearch Security versions 6.5.0 and 6.5.1, consider restricting access to the find file structure API until a patch is available. As a temporary workaround, review and restrict policies allowing external network access in Elasticsearch's Java Security Manager to minimize the risk of exploitation.