Elasticsearch 1.4.5 directory traversal attack

2015.04.27
Credit: DocuSign
Risk: Medium
Local: No
Remote: Yes
CWE: N/A


Overall CVSS score: 4.3/10
Impact: 2.9/10
Exploitability: 8.6/10
Access required: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Summary:
All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch. This vulnerability is not present in the initial installation of Elasticsearch. The vulnerability is exposed when a 'site plugin' is installed. Elastic's Marvel plugin and many community-sponsored plugins (e.g. Kopf, BigDesk, Head) are site plugins. Elastic Shield, Licensing, Cloud-AWS, Cloud-GCE, Cloud-Azure, the analysis plugins, and the river plugins are not site plugins.

We have been assigned CVE-2015-3337 for this issue.

Fixed versions:
Versions 1.5.2 and 1.4.5 have addressed the vulnerability.

Remediation:
Users should upgrade to 1.5.2 or 1.4.5. This will address the vulnerability and preserve site plugin functionality.

Users that do not want to upgrade can address the vulnerability in several ways, but these options will break any site plugin:
- Set 'http.disable_sites' to true and restart the Elasticsearch node.
- Use a firewall or proxy to block HTTP requests to /_plugin.
- Uninstall all site plugins from all Elasticsearch nodes.

Credit:
John Heasman of DocuSign reported this issue.

CVSS:
Overall CVSS score: 4.3
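The version range and workarounds above can be expressed as a triage rule over a node inventory. This is an added example, not code from Elastic or from the advisory; the record shape (`version`, `site_plugins`, `http.disable_sites`) and the node names are constructed for illustration, and a firewall or proxy block on /_plugin is not visible to this check.

```python
import re

# Fixed releases named in the advisory: 1.4.5 (1.4 line) and 1.5.2 (1.5 line).
FIXED_14 = (1, 4, 5)
FIXED_15 = (1, 5, 2)

# Constructed sample inventory (hypothetical record shape, not an Elasticsearch API format).
NODES = [
    {"name": "es-a", "version": "1.4.4", "site_plugins": ["marvel", "head"]},
    {"name": "es-b", "version": "1.5.1", "site_plugins": ["kopf"], "http.disable_sites": True},
    {"name": "es-c", "version": "1.3.9", "site_plugins": []},
    {"name": "es-d", "version": "1.5.2", "site_plugins": ["bigdesk"]},
]


def parse_version(text):
    """Turn '1.4.4' or '1.5.0-SNAPSHOT' into a (major, minor, patch) tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def version_is_affected(text):
    """Advisory range: anything before 1.4.5, plus 1.5.x before 1.5.2."""
    v = parse_version(text)
    if v[:2] == (1, 5):
        return v < FIXED_15
    return v < FIXED_14  # numeric compare, so 1.4.10 is not mistaken for < 1.4.5


def triage(node):
    """Classify one inventory record against the advisory's conditions."""
    if not version_is_affected(node["version"]):
        return "fixed"
    if node.get("http.disable_sites") is True:
        return "mitigated: http.disable_sites"
    if not node.get("site_plugins"):
        return "not exposed: no site plugin"
    return "exposed: " + ", ".join(sorted(node["site_plugins"]))


def report(nodes):
    return {n["name"]: triage(n) for n in nodes}


if __name__ == "__main__":
    for name, status in report(NODES).items():
        print(f"{name}: {status}")
```

Nodes reported as mitigated or not exposed still run an affected version; installing a site plugin or re-enabling sites on them re-opens the issue until they are upgraded.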


Copyright 2024, cxsecurity.com

 
