Improper Access Control Affecting org.elasticsearch:elasticsearch package, versions [0.6.0,1.3.8) [1.4.0,1.4.3)

Exploit Maturity

Mature
Attack Complexity

Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-ORGELASTICSEARCH-31127
published

18 Feb 2015
disclosed

17 Feb 2015
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 17 Feb 2015

CVE-2015-1427 Open this link in a new tab CWE-284 Open this link in a new tab

Overview

org.elasticsearch:elasticsearch The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

Improper Access Control Affecting org.elasticsearch:elasticsearch package, versions [0.6.0,1.3.8) [1.4.0,1.4.3)

Exploit Maturity

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 17 Feb 2015

Overview

References