CVE-2015-4152 β€” Path Traversal in Logstash

CWE-22 β€” Path Traversal4 documents4 sources
Severity
6.4MEDIUMNVD
EPSS
0.6%
top 29.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Logstash
Timeline
PublishedJun 15
Latest updateMay 14

Description

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

β–ΆNVDelastic/logstash1.4.2

πŸ”΄Vulnerability Details

2
GHSA
GHSA-r8rm-c9x9-3f5g: Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1β†—2022-05-14
β–Ά
CVEList
CVE-2015-4152: Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1β†—2015-06-15
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
Microsoft Windows - Win32k Elevation of Privilege↗2020-12-02
β–Ά
CVE-2015-4152 β€” Path Traversal in Elastic Logstash | cvebase