CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
99.8%
Elastic reports:
Vulnerability Summary: Elasticsearch versions from 1.0.0 to 1.6.0
are vulnerable to a directory traversal attack.
Remediation Summary: Users should upgrade to 1.6.1 or later, or
constrain access to the snapshot API to trusted sources.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | elasticsearch | = 1.0.0 | UNKNOWN |
FreeBSD | any | noarch | elasticsearch | < 1.6.1 | UNKNOWN |