Elasticsearch Groovy Scripting Engine Sandbox Security Bypass Vulnerability



Elasticsearch is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Information

Bugtraq ID: 72585
Class: Design Error
CVE: CVE-2015-1427

Remote: Yes
Local: No
Published: Feb 11 2015 12:00AM
Updated: Apr 14 2017 12:04AM
Credit: Cameron Morris and Cisco Systems Information Security Team
Vulnerable: Redhat JBoss Fuse 6.2
Elasticsearch Elasticsearch 1.4.2
Elasticsearch Elasticsearch 1.4
Elasticsearch Elasticsearch 1.3.7
Elasticsearch Elasticsearch 1.3


Not Vulnerable: Redhat JBoss Fuse 6.3
Elasticsearch Elasticsearch 1.4.3
Elasticsearch Elasticsearch 1.3.8



References:

Related Posts

Comments