VuXML ID | Description |
a71e7440-1ba3-11e5-b43d-002590263bf5 | elasticsearch -- directory traversal attack with site plugins
Elastic reports:
Vulnerability Summary: All Elasticsearch versions prior to 1.5.2
and 1.4.5 are vulnerable to a directory traversal attack that allows
an attacker to retrieve files from the server running Elasticsearch
when one or more site plugins are installed, or when Windows is the
server OS.
Remediation Summary: Users should upgrade to 1.4.5 or 1.5.2. Users
that do not want to upgrade can address the vulnerability by
disabling site plugins. See the CVE description for additional
options.
Discovery: 2015-04-27; Entry: 2015-06-26
Affected: elasticsearch < 1.4.5; elasticsearch >= 1.5.0, < 1.5.2
CVE-2015-3337
74353
https://www.elastic.co/community/security
https://www.elastic.co/blog/elasticsearch-1-5-2-and-1-4-5-released
https://www.exploit-db.com/exploits/37054/
https://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html
http://www.securityfocus.com/archive/1/535385
|
5951fb49-1ba2-11e5-b43d-002590263bf5 | elasticsearch -- cross site scripting vulnerability in the CORS functionality
Elastic reports:
Vulnerability Summary: Elasticsearch versions 1.3.x and prior have
a default configuration for CORS that allows an attacker to craft
links that could cause a user's browser to send requests to
Elasticsearch instances on their local network. These requests could
cause data loss or compromise.
Remediation Summary: Users should either set "http.cors.enabled" to
false, or set "http.cors.allow-origin" to the value of the server
that should be allowed access, such as localhost or a server hosting
Kibana. Disabling CORS entirely with the former setting is more
secure, but may not be suitable for all use cases.
Discovery: 2014-10-01; Entry: 2015-06-26
Affected: elasticsearch < 1.4.0
CVE-2014-6439
70233
https://www.elastic.co/community/security
https://www.elastic.co/blog/elasticsearch-1-4-0-beta-released
https://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html
http://www.securityfocus.com/archive/1/archive/1/533602/100/0/threaded
|
ae8c09cb-32da-11e5-a4a5-002590263bf5 | elasticsearch -- directory traversal attack via snapshot API
Elastic reports:
Vulnerability Summary: Elasticsearch versions from 1.0.0 to 1.6.0
are vulnerable to a directory traversal attack.
Remediation Summary: Users should upgrade to 1.6.1 or later, or
constrain access to the snapshot API to trusted sources.
Discovery: 2015-07-16; Entry: 2015-08-05
Affected: elasticsearch >= 1.0.0, < 1.6.1
CVE-2015-5531
ports/201834
https://www.elastic.co/community/security
|
23232028-1ba4-11e5-b43d-002590263bf5 | elasticsearch -- security fix for shared file-system repositories
Elastic reports:
Vulnerability Summary: All Elasticsearch versions from 1.0.0 to
1.5.2 are vulnerable to an attack that uses Elasticsearch to modify
files read and executed by certain other applications.
Remediation Summary: Users should upgrade to 1.6.0. Alternately,
ensure that other applications are not present on the system, or
that Elasticsearch cannot write into areas where these applications
would read.
Discovery: 2015-06-09; Entry: 2015-06-26
Affected: elasticsearch >= 1.0.0, < 1.6.0
CVE-2015-4165
ports/201008
https://www.elastic.co/community/security
https://www.elastic.co/blog/elasticsearch-1-6-0-released
|
fb3668df-32d7-11e5-a4a5-002590263bf5 | elasticsearch -- remote code execution via transport protocol
Elastic reports:
Vulnerability Summary: Elasticsearch versions prior to 1.6.1 are
vulnerable to an attack that can result in remote code execution.
Remediation Summary: Users should upgrade to 1.6.1 or 1.7.0.
Alternately, ensure that only trusted applications have access to
the transport protocol port.
Discovery: 2015-07-16; Entry: 2015-08-05
Affected: elasticsearch < 1.6.1
CVE-2015-5377
ports/201834
https://www.elastic.co/community/security
|
43ac9d42-1b9a-11e5-b43d-002590263bf5 | elasticsearch and logstash -- remote OS command execution via dynamic scripting
Elastic reports:
Vulnerability Summary: In Elasticsearch versions 1.1.x and prior,
dynamic scripting is enabled by default. This could allow an
attacker to execute OS commands.
Remediation Summary: Disable dynamic scripting.
Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is
vulnerable to CVE-2014-3120. These binaries are used in
Elasticsearch output specifically when using the node protocol.
Since a node client joins the Elasticsearch cluster, the attackers
could use scripts to execute commands on the host OS using the node
client's URL endpoint. With the 1.4.3 release, we are packaging Logstash
with Elasticsearch 1.5.2 binaries which by default disables the
ability to run scripts. This also affects users who are using the
configuration option embedded=>true in the Elasticsearch output
which starts a local embedded Elasticsearch cluster. This is
typically used in development environment and proof of concept
deployments. Regardless of this vulnerability, we strongly recommend
not using embedded in production.
Note that users of transport and http protocol are not vulnerable
to this attack.
Discovery: 2014-05-22; Entry: 2015-06-26
Affected: elasticsearch < 1.2.0; logstash < 1.4.3
CVE-2014-3120
67731
https://www.elastic.co/community/security
https://www.elastic.co/blog/elasticsearch-1-2-0-released
https://www.elastic.co/blog/logstash-1-4-3-released
https://www.exploit-db.com/exploits/33370/
http://bouk.co/blog/elasticsearch-rce/
http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch
|