CVE-2015-1427
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
6Exploited in Wild
YesDecision
Descriptions
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
El motor de secuencias de comandos Groovy en Elasticsearch anterior a 1.3.8 y 1.4.x anterior a 1.4.3 permite a atacantes remotos evadir el mecanismo de protección de sandbox y ejecutar comandos de shell arbitrarios a través de una secuencia de comandos manipulada.
It was reported that Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-01-31 CVE Reserved
- 2015-02-11 CVE Published
- 2015-03-11 First Exploit
- 2022-03-25 Exploited in Wild
- 2022-04-15 KEV Due Date
- 2024-08-06 CVE Updated
- 2024-08-13 EPSS Updated
CWE
- CWE-284: Improper Access Control
CAPEC
References (18)
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/36415 | 2015-03-16 | |
| https://www.exploit-db.com/exploits/36337 | 2015-03-11 | |
| https://github.com/t0kx/exploit-CVE-2015-1427 | 2017-01-09 | |
| https://github.com/xpgdgit/CVE-2015-1427 | 2022-08-01 | |
| https://github.com/cyberharsh/Groovy-scripting-engine-CVE-2015-1427 | 2020-06-24 | |
| http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released | 2018-10-09 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:0868 | 2018-10-09 | |
| https://www.elastic.co/community/security | 2018-10-09 | |
| https://access.redhat.com/security/cve/CVE-2015-1427 | 2017-04-03 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1191969 | 2017-04-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Elasticsearch Search vendor "Elasticsearch" | Elasticsearch Search vendor "Elasticsearch" for product "Elasticsearch" | <= 1.3.7 Search vendor "Elasticsearch" for product "Elasticsearch" and version " <= 1.3.7" | - |
Affected
| ||||||
| Elasticsearch Search vendor "Elasticsearch" | Elasticsearch Search vendor "Elasticsearch" for product "Elasticsearch" | 1.4.0 Search vendor "Elasticsearch" for product "Elasticsearch" and version "1.4.0" | - |
Affected
| ||||||
| Elasticsearch Search vendor "Elasticsearch" | Elasticsearch Search vendor "Elasticsearch" for product "Elasticsearch" | 1.4.0 Search vendor "Elasticsearch" for product "Elasticsearch" and version "1.4.0" | beta1 |
Affected
| ||||||
| Elasticsearch Search vendor "Elasticsearch" | Elasticsearch Search vendor "Elasticsearch" for product "Elasticsearch" | 1.4.1 Search vendor "Elasticsearch" for product "Elasticsearch" and version "1.4.1" | - |
Affected
| ||||||
| Elasticsearch Search vendor "Elasticsearch" | Elasticsearch Search vendor "Elasticsearch" for product "Elasticsearch" | 1.4.2 Search vendor "Elasticsearch" for product "Elasticsearch" and version "1.4.2" | - |
Affected
| ||||||