CVE-2015-5531
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
EPSS 92.0%
Description
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
How to fix CVE-2015-5531
To remediate CVE-2015-5531, upgrade the affected package to the fixed version listed below.
- Maven/org.elasticsearch:elasticsearch (upgrade to 1.6.1 or later)
Is CVE-2015-5531 being exploited?
Likely — EPSS is 92.0%, placing CVE-2015-5531 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Maven/org.elasticsearch:elasticsearch: from 0, < 1.6.1
References (6)
- ADVISORY: nvd.nist.gov/vuln/detail/CVE-2015-5531
- WEB: packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html
- WEB: packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html
- WEB: packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html