Directory Traversal Vulnerability in Elasticsearch Logstash by Elastic
CVE-2015-4152

Currently unrated

Key Information:

Vendor: Elastic
Status: Logstash
Vendor: CVE Published:; 15 June 2015

What is CVE-2015-4152?

A directory traversal vulnerability exists in the file output plugin of Elasticsearch Logstash prior to version 1.4.3. This vulnerability permits remote attackers to manipulate file paths through dynamic field references, potentially allowing them to write to arbitrary files on the server. Successful exploitation poses a significant risk as it could lead to unauthorized access or corruption of data.

References

http://www.securityfocus.com/archive/1/535725/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://www.elastic.co/blog/logstash-1-4-3-released

x_refsource_CONFIRM

http://packetstormsecurity.com/files/132233/Logstash-1.4....

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2015
Vulnerability Reserved
Jun 1, 2015