4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.962 High
EPSS
Percentile
99.5%
Elastic reports:
Vulnerability Summary: All Elasticsearch versions prior to 1.5.2
and 1.4.5 are vulnerable to a directory traversal attack that allows
an attacker to retrieve files from the server running Elasticsearch
when one or more site plugins are installed, or when Windows is the
server OS.
Remediation Summary: Users should upgrade to 1.4.5 or 1.5.2. Users
that do not want to upgrade can address the vulnerability by
disabling site plugins. See the CVE description for additional
options.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | elasticsearch | < 1.4.5 | UNKNOWN |