List: bugtraq
Subject: Elasticsearch vulnerability CVE-2015-3337
From: Kevin Kluge <kevin () elastic ! co>
Date: 2015-04-27 13:47:22
Message-ID: EE421FD5-158E-4647-825D-4EBC8CE24C47 () elastic ! co
Summary:
All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch. This vulnerability is not present in the initial installation of Elasticsearch. The vulnerability is exposed when a "site plugin" is installed. Elastic's Marvel plugin and many community-sponsored plugins (e.g. Kopf, BigDesk, Head) are site plugins. Elastic Shield, Licensing, Cloud-AWS, Cloud-GCE, Cloud-Azure, the analysis plugins, and the river plugins are not site plugins.
We have been assigned CVE-2015-3337 for this issue.
Fixed versions:
Versions 1.5.2 and 1.4.5 have addressed the vulnerability.
Remediation:
Users should upgrade to 1.5.2 or 1.4.5. This will address the vulnerability and preserve site plugin functionality.
Users that do not want to upgrade can address the vulnerability in several ways, but these options will break any site plugin:
- Set "http.disable_sites" to true and restart the Elasticsearch node.
- Use a firewall or proxy to block HTTP requests to /_plugin.
- Uninstall all site plugins from all Elasticsearch nodes.
Credit:
John Heasman of DocuSign reported this issue.
CVSS
Overall CVSS score: 4.3
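
An added example, not part of the original advisory or Elastic's own code: a Python audit that applies the advisory's conditions (version below 1.4.5 or 1.5.2, a site plugin installed, "http.disable_sites" not set) to per-node records. The record layout (version, settings, plugins with a "site" flag) is an assumption modelled on Elasticsearch nodes info output, the sample nodes are constructed, and treating branches newer than 1.5 as fixed is also an assumption.

```python
import json
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(1, 4): (1, 4, 5), (1, 5): (1, 5, 2)}

def parse_version(text):
    """Return (major, minor, patch) from e.g. '1.4.4' or '1.5.0-SNAPSHOT'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(p) for p in m.groups())

def version_is_vulnerable(text):
    v = parse_version(text)
    if v[:2] in FIXED:
        return v < FIXED[v[:2]]
    # Assumption: branches older than 1.4 got no fix, newer ones include it.
    return v < (1, 4, 0)

def audit_node(node):
    """Classify one node record against the advisory's conditions."""
    if not version_is_vulnerable(node["version"]):
        return "patched"
    http = node.get("settings", {}).get("http", {})
    if str(http.get("disable_sites", "false")).lower() == "true":
        return "mitigated"  # workaround from the advisory; site plugins stop working
    if not any(p.get("site") for p in node.get("plugins", [])):
        return "not exposed"  # vulnerable version, but no site plugin installed
    # A firewall or proxy rule blocking /_plugin is not visible in node data.
    return "EXPOSED"

def audit_cluster(info):
    return {n["name"]: audit_node(n) for n in info["nodes"].values()}

# Constructed sample input (hypothetical node names and layout).
SAMPLE = json.loads("""
{"nodes": {
 "n1": {"name": "es-a", "version": "1.4.4", "plugins": [{"name": "head", "site": true}]},
 "n2": {"name": "es-b", "version": "1.5.1",
        "settings": {"http": {"disable_sites": "true"}},
        "plugins": [{"name": "marvel", "site": true}]},
 "n3": {"name": "es-c", "version": "1.5.2", "plugins": [{"name": "kopf", "site": true}]},
 "n4": {"name": "es-d", "version": "1.3.9", "plugins": [{"name": "cloud-aws", "site": false}]}
}}
""")

if __name__ == "__main__":
    for name, status in sorted(audit_cluster(SAMPLE).items()):
        print(name, status)
```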