The Groovy scripting engine in Elasticsearch prior to 1.3.8 and 1.4.x prior to 1.4.3 allows remote malicious users to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
| Vulnerable Product |
|---|
| elasticsearch elasticsearch 1.4.0 |
| elasticsearch elasticsearch 1.4.1 |
| elasticsearch elasticsearch 1.4.2 |
| elasticsearch elasticsearch |
Yes it's years out of date but there's no such thing as security through obscurity
Cisco's security limb has spotted nefarious people targeting Elasticsearch clusters using relatively ancient vulns to plant malware, cryptocurrency miners and worse – though it does root out some other cybercrims’ dodgy wares, cuckoo-style. "These attackers are targeting clusters using versions 1.4.2 and lower," said the networking giant's infosec arm, Talos, in a post summarising what its honeypot setup had caught for examination. The seemingly China-based attackers used two known vulnerabi...
Devs ring patch alarm bells, drop shell code
Attackers are targeting a patched remote code execution vulnerability in Elasticsearch that grants unauthenticated bad guys access through a buggy API. The flaw (CVE-2015-1427) within the world's number two enterprise search engine was patched last month. It relates, as folks at Mitre say, to the Groovy scripting engine in Elasticsearch before versions 1.3.8 and 1.4.3, in which sandbox protections could be bypassed, allowing the execution of arbitrary shell commands with a crafted script. The fi...