{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-11T00:00:00", "descriptions": [{"lang": "en", "value": "The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20150211 Elasticsearch vulnerability CVE-2015-1427", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/534689/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html"}, {"name": "RHSA-2017:0868", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"name": "72585", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72585"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/"}, {"name": "elasticsearch-cve20151427-command-exec(100850)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100850"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.elastic.co/community/security/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1427", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20150211 Elasticsearch vulnerability CVE-2015-1427", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534689/100/0/threaded"}, {"name": "http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html"}, {"name": "RHSA-2017:0868", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"name": "72585", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72585"}, {"name": "http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/", "refsource": "CONFIRM", "url": "http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/"}, {"name": "elasticsearch-cve20151427-command-exec(100850)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100850"}, {"name": "http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html"}, {"name": "https://www.elastic.co/community/security/", "refsource": "CONFIRM", "url": "https://www.elastic.co/community/security/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:40:18.586Z"}, "title": "CVE Program Container", "references": [{"name": "20150211 Elasticsearch vulnerability CVE-2015-1427", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/534689/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html"}, {"name": "RHSA-2017:0868", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"name": "72585", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72585"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/"}, {"name": "elasticsearch-cve20151427-command-exec(100850)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100850"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.elastic.co/community/security/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1427", "datePublished": "2015-02-17T15:00:00", "dateReserved": "2015-01-31T00:00:00", "dateUpdated": "2024-08-06T04:40:18.586Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA519AE4-05D4-4C0A-81F0-95C50B51DAEA", "versionEndExcluding": "1.3.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "F148EDE6-303D-4F26-B88D-D379BC003B42", "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F31D7E8-D31D-4268-9ABF-3733915AA226", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script."}, {"lang": "es", "value": "El motor de secuencias de comandos Groovy en Elasticsearch anterior a 1.3.8 y 1.4.x anterior a 1.4.3 permite a atacantes remotos evadir el mecanismo de protecci\u00f3n de sandbox y ejecutar comandos de shell arbitrarios a trav\u00e9s de una secuencia de comandos manipulada."}], "id": "CVE-2015-1427", "lastModified": "2024-07-16T17:56:22.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2015-02-17T15:59:04.560", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/534689/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/72585"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100850"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://www.elastic.co/community/security/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0868", "cpe": "cpe:/a:redhat:jboss_amq:6.3", "product_name": "Red Hat JBoss A-MQ 6.3", "release_date": "2017-04-03T00:00:00Z"}, {"advisory": "RHSA-2017:0868", "cpe": "cpe:/a:redhat:jboss_fuse:6.3", "product_name": "Red Hat JBoss Fuse 6.3", "release_date": "2017-04-03T00:00:00Z"}], "bugzilla": {"description": "elasticsearch: remote code execution via Groovy sandbox bypass", "id": "1191969", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191969"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "status": "verified"}, "details": ["The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.", "It was reported that Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM."], "name": "CVE-2015-1427", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "amq-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "fuse-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "fuse-amq-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "fuse-esb-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "openshift-origin-cartridge-fuse", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "elasticsearch", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "elasticsearch", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2015-02-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1427\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1427\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Important", "upstream_fix": "Elasticsearch 1.3.8, Elasticsearch 1.4.3"}