Vulnerabilites related to elasticsearch - elasticsearch
cve-2015-4165
Vulnerability from cvelistv5
Published
2017-08-09 16:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/535727/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/75113 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1230761 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536855/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.elastic.co/community/security/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html"
},
{
"name": "20150609 Elasticsearch vulnerability CVE-2015-4165",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535727/100/0/threaded"
},
{
"name": "75113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230761"
},
{
"name": "20151106 Elasticsearch vulnerability CVE-2015-4165",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536855/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html"
},
{
"name": "20150609 Elasticsearch vulnerability CVE-2015-4165",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535727/100/0/threaded"
},
{
"name": "75113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230761"
},
{
"name": "20151106 Elasticsearch vulnerability CVE-2015-4165",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536855/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html"
},
{
"name": "20150609 Elasticsearch vulnerability CVE-2015-4165",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535727/100/0/threaded"
},
{
"name": "75113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75113"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1230761",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230761"
},
{
"name": "20151106 Elasticsearch vulnerability CVE-2015-4165",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536855/100/0/threaded"
},
{
"name": "https://www.elastic.co/community/security/",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4165",
"datePublished": "2017-08-09T16:00:00",
"dateReserved": "2015-06-02T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5531
Vulnerability from cvelistv5
Published
2015-08-17 15:00
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/536017/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/75935 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html | x_refsource_MISC | |
| https://www.elastic.co/community/security/ | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/38383/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150716 Elasticsearch CVE-2015-5531",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536017/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html"
},
{
"name": "75935",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75935"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security/"
},
{
"name": "38383",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38383/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150716 Elasticsearch CVE-2015-5531",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536017/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html"
},
{
"name": "75935",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75935"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security/"
},
{
"name": "38383",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38383/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150716 Elasticsearch CVE-2015-5531",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536017/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html"
},
{
"name": "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html"
},
{
"name": "75935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75935"
},
{
"name": "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html"
},
{
"name": "https://www.elastic.co/community/security/",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security/"
},
{
"name": "38383",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38383/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5531",
"datePublished": "2015-08-17T15:00:00",
"dateReserved": "2015-07-16T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3337
Vulnerability from cvelistv5
Published
2015-05-01 15:00
Modified
2024-08-06 05:47
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74353 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/535385 | mailing-list, x_refsource_BUGTRAQ | |
| https://www.exploit-db.com/exploits/37054/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.elastic.co/community/security | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3241 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74353",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74353"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html"
},
{
"name": "20150427 Elasticsearch vulnerability CVE-2015-3337",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535385"
},
{
"name": "37054",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37054/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "DSA-3241",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74353",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74353"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html"
},
{
"name": "20150427 Elasticsearch vulnerability CVE-2015-3337",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535385"
},
{
"name": "37054",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37054/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "DSA-3241",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74353"
},
{
"name": "http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html"
},
{
"name": "20150427 Elasticsearch vulnerability CVE-2015-3337",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535385"
},
{
"name": "37054",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37054/"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
},
{
"name": "DSA-3241",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3337",
"datePublished": "2015-05-01T15:00:00",
"dateReserved": "2015-04-20T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3120
Vulnerability from cvelistv5
Published
2014-07-28 19:00
Modified
2025-02-10 20:14
Severity ?
EPSS score ?
Summary
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.elastic.co/blog/logstash-1-4-3-released | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/33370 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/67731 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/106949 | vdb-entry, x_refsource_OSVDB | |
| http://bouk.co/blog/elasticsearch-rce/ | x_refsource_MISC | |
| http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce | x_refsource_MISC | |
| https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch | x_refsource_MISC | |
| https://www.elastic.co/community/security/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"name": "33370",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/33370"
},
{
"name": "67731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67731"
},
{
"name": "106949",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/106949"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bouk.co/blog/elasticsearch-rce/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-3120",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T20:14:11.275052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-3120"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:14:16.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor\u0027s intended security policy if the user does not run Elasticsearch in its own independent virtual machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-15T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"name": "33370",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/33370"
},
{
"name": "67731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67731"
},
{
"name": "106949",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/106949"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bouk.co/blog/elasticsearch-rce/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor\u0027s intended security policy if the user does not run Elasticsearch in its own independent virtual machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/blog/logstash-1-4-3-released",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"name": "33370",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33370"
},
{
"name": "67731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67731"
},
{
"name": "106949",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/106949"
},
{
"name": "http://bouk.co/blog/elasticsearch-rce/",
"refsource": "MISC",
"url": "http://bouk.co/blog/elasticsearch-rce/"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce"
},
{
"name": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch",
"refsource": "MISC",
"url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch"
},
{
"name": "https://www.elastic.co/community/security/",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3120",
"datePublished": "2014-07-28T19:00:00.000Z",
"dateReserved": "2014-04-29T00:00:00.000Z",
"dateUpdated": "2025-02-10T20:14:16.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6439
Vulnerability from cvelistv5
Published
2014-10-10 01:00
Modified
2024-08-06 12:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/533602/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/70233 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html | x_refsource_MISC | |
| https://www.elastic.co/community/security/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:23.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/"
},
{
"name": "20141002 Elasticsearch vulnerability CVE-2014-6439",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533602/100/0/threaded"
},
{
"name": "70233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/"
},
{
"name": "20141002 Elasticsearch vulnerability CVE-2014-6439",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533602/100/0/threaded"
},
{
"name": "70233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/",
"refsource": "CONFIRM",
"url": "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/"
},
{
"name": "20141002 Elasticsearch vulnerability CVE-2014-6439",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533602/100/0/threaded"
},
{
"name": "70233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70233"
},
{
"name": "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html"
},
{
"name": "https://www.elastic.co/community/security/",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6439",
"datePublished": "2014-10-10T01:00:00",
"dateReserved": "2014-09-16T00:00:00",
"dateUpdated": "2024-08-06T12:17:23.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-10-10 01:55
Modified
2024-11-21 02:14
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elasticsearch | elasticsearch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD79CAFE-8F30-4F30-B735-9A94C8259D9C",
"versionEndIncluding": "1.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funcionalidad CORS en Elasticsearch anterior a 1.4.0.Beta1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6439",
"lastModified": "2024-11-21T02:14:23.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-10T01:55:11.430",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/533602/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/70233"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533602/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-09 16:29
Modified
2024-11-21 02:30
Severity ?
Summary
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elasticsearch | elasticsearch | 1.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elasticsearch:elasticsearch:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CB88EE-B3C9-4719-9F9A-3D6DEED26E46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code."
},
{
"lang": "es",
"value": "La API snapshot en Elasticsearch en versiones anteriores a la 1.6.0, cuando otra aplicaci\u00f3n existe en el sistema que puede leer archivos Lucene y ejecutar c\u00f3digo desde los mismos, se vuelve accesible para el atacante. Adem\u00e1s, la m\u00e1quina virtual Java VM desde la que se est\u00e1 ejecutando Elasticsearch puede escribir en una localizaci\u00f3n desde la que la otra aplicaci\u00f3n puede leer y ejecutar. Esto permite que usuarios remotos autenticados escriban y creen archivos de metadatos snapshot arbitrarios y, potencialmente, ejecuten c\u00f3digo arbitrario."
}
],
"id": "CVE-2015-4165",
"lastModified": "2024-11-21T02:30:33.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T16:29:00.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535727/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536855/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75113"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230761"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535727/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536855/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-01 15:59
Modified
2024-11-21 02:29
Severity ?
Summary
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elasticsearch | elasticsearch | * | |
| elasticsearch | elasticsearch | 1.5.0 | |
| elasticsearch | elasticsearch | 1.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AACD97E-EDF8-4367-8EC7-067D366DAB97",
"versionEndIncluding": "1.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elasticsearch:elasticsearch:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5EBF8C-0C18-45F0-9E68-6107004B0D48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elasticsearch:elasticsearch:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB24660E-1F56-4CD6-9462-6D3D279C8B0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Elasticsearch anterior a 1.4.5 y 1.5.x anterior a 1.5.2, cuando un plugin de sitio est\u00e1 habilitado, permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-3337",
"lastModified": "2024-11-21T02:29:11.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-01T15:59:06.850",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3241"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535385"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/74353"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/37054/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/74353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/37054/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-17 15:59
Modified
2024-11-21 02:33
Severity ?
Summary
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elasticsearch | elasticsearch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE8F3F8-E31C-4DF8-8FA6-1B1FCFCA1C15",
"versionEndIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Elasticsearch en versiones anteriores a 1.6.1, permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados relacionados con llamadas a la API de instant\u00e1neas."
}
],
"id": "CVE-2015-5531",
"lastModified": "2024-11-21T02:33:12.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-17T15:59:02.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536017/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75935"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/38383/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536017/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/38383/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-28 19:55
Modified
2025-02-10 21:15
Severity ?
Summary
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elasticsearch | elasticsearch | * |
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Elasticsearch Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B31061F1-66B7-4F12-93CE-685F82BCB17B",
"versionEndIncluding": "1.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor\u0027s intended security policy if the user does not run Elasticsearch in its own independent virtual machine."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en Elasticsearch anterior a 1.2 habilita secuencias de comandos din\u00e1micos, lo que permite a atacantes remotos ejecutar expresiones MVEL arbitrarias y c\u00f3digo Java a trav\u00e9s del par\u00e1metro source en _search. NOTA: esto solamente viola la pol\u00edtica de seguridad del proveedor si el usuario no hace funcionar Elasticsearch en su propia maquina virtual independiente."
}
],
"id": "CVE-2014-3120",
"lastModified": "2025-02-10T21:15:11.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2014-07-28T19:55:04.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bouk.co/blog/elasticsearch-rce/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/33370"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/106949"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67731"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bouk.co/blog/elasticsearch-rce/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/33370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/106949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}