⚠ Actively exploited
Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions.

CVE-2015-1427: Improper Access Control in Elasticsearch

Severity
9.8 CRITICAL (NVD)
EPSS
92.3% (top 0.28%)
CISA KEV
Added 2022-03-25, due 2022-04-15
Exploit
Exploited in the wild; active exploitation observed
Timeline
Published: Feb 17
KEV added: Mar 25
KEV due: Apr 15
Latest update: May 14
CISA Required Action: Apply updates per vendor instructions.

Description

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

Source   | Package                | Affected versions
NVD      | elastic/elasticsearch  | 1.4.0 to 1.4.3 (+1)
Ubuntu   | elastic/elasticsearch  | < 1.7.3+dfsg-3
NVD      | redhat/fuse            | 1.0.0

Patches

🔴 Vulnerability Details (5)

OSV: Improper Access Control in Elasticsearch (2022-05-14)
GHSA: Improper Access Control in Elasticsearch (2022-05-14)
CVEList: CVE-2015-1427: The Groovy scripting engine in Elasticsearch before 1... (2015-02-17)
OSV: CVE-2015-1427: The Groovy scripting engine in Elasticsearch before 1... (2015-02-17)
VulnCheck: Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability (2015)

💥 Exploits & PoCs (3)

Exploit-DB: ElasticSearch - Search Groovy Sandbox Bypass (Metasploit) (2015-03-16)
Exploit-DB: ElasticSearch - Remote Code Execution (2015-03-11)
Nuclei: ElasticSearch - Remote Code Execution

🔍 Detection Rules (2)

Suricata: ET EXPLOIT Possible Elasticsearch CVE-2015-1427 Exploit Campaign SSL Certificate (2015-06-26)
Suricata: ET WEB_SERVER Possible CVE-2015-1427 Elastic Search Sandbox Escape Remote Code Execution Attempt (2015-03-09)

📋 Vendor Advisories (2)

CISA: Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability (2022-03-25)
Red Hat: elasticsearch: remote code execution via Groovy sandbox bypass (2015-02-11)

💬 Community (1)

Bugzilla: CVE-2015-1427 elasticsearch: remote code execution via Groovy sandbox bypass (2015-02-12)
CVE-2015-1427 — Improper Access Control in Elastic | cvebase