Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-5531 — Path Traversal in Elasticsearch

CWE-22 — Path Traversal11 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

92.0%

top 0.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Elastic Elasticsearch Elasticsearch

Timeline

PublishedAug 17

Latest updateMay 14

Description

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Ubuntuelastic/elasticsearch< 1.7.3+dfsg-3

▶NVDelasticsearch/elasticsearch1.6.0

🔴Vulnerability Details

OSV

Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch↗2022-05-14

▶

GHSA

Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch↗2022-05-14

▶

OSV

CVE-2015-5531: Directory traversal vulnerability in Elasticsearch before 1↗2015-08-17

▶

CVEList

CVE-2015-5531: Directory traversal vulnerability in Elasticsearch before 1↗2015-08-17

▶

VulnCheck

Elastic Elasticsearch Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')↗2015

▶

💥Exploits & PoCs

Exploit-DB

ElasticSearch 1.6.0 - Arbitrary File Download↗2015-10-02

▶

Nuclei

ElasticSearch <1.6.1 - Local File Inclusion

▶

📋Vendor Advisories

Red Hat

elasticsearch: directory traversal attack↗2015-07-16

▶

💬Community

Bugzilla

CVE-2015-5531 elasticsearch: directory traversal attack↗2015-07-17

▶

Bugzilla

CVE-2015-5377 CVE-2015-5531 elasticsearch: various flaws [fedora-all]↗2015-07-17

▶