Lucene search
+L

27 matches found

Prion
Prion
added 2015/02/17 3:59 p.m.32 views

Design/Logic Flaw

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

7.5CVSS7.5AI score0.99906EPSS
Exploits19References8Affected Software1
OSV
OSV
added 2015/02/17 3:59 p.m.2 views

UBUNTU-CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

9.8CVSS7.7AI score0.99906EPSS
Exploits19References7
Vulnrichment
Vulnrichment
added 2015/02/17 3:0 p.m.14 views

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

9.4AI score0.99906EPSS
Exploits19References8
CVE
CVE
added 2015/02/17 3:0 p.m.1268 views

CVE-2015-1427

CVE-2015-1427 concerns Elasticsearch’s Groovy scripting engine, where dynamic scripting was enabled by default in versions before 1.3.8 (and 1.4.x before 1.4.3). The root cause is a sandbox bypass in the Groovy sandbox that allows remote attackers to execute arbitrary shell commands via a crafted...

9.8CVSS9.2AI score0.99906EPSS
In wildExploits19References9Affected Software1
Positive Technologies
Positive Technologies
added 2015/02/17 12:0 a.m.10 views

PT-2015-5280 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 1.3.x through 1.3.7 Elasticsearch versions 1.4.x through 1.4.2 Description: The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell...

9.8CVSS9.4AI score0.99906EPSS
Exploits19References27
ATTACKERKB
ATTACKERKB
added 2015/02/17 12:0 a.m.52 views

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

9.8CVSS9AI score0.99906EPSS
In wildExploits19References12
CNVD
CNVD
added 2015/02/13 12:0 a.m.3 views

Elasticsearch Groovy Scripting Engine Sandbox Security Bypass Vulnerability

ElasticSearch is an open source , distributed , RESTful search engine built on Lucene . A security bypass vulnerability exists in the Elasticsearch Groovy scripting engine sandbox, which can be exploited by an attacker to bypass certain security restrictions and perform unauthorized operations...

9.8CVSS6.6AI score0.99906EPSS
Exploits19References1
Rows per page
Query Builder