CVE-2015-4152: Path Traversal
First published: Mon Jun 15 2015(Updated: )
Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Logstash Output Plugin for Elasticsearch | <=1.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-4152?
CVE-2015-4152 is classified as a high severity vulnerability due to its ability to allow remote attackers to write to arbitrary files.
How do I fix CVE-2015-4152?
To fix CVE-2015-4152, upgrade Elasticsearch Logstash to version 1.4.3 or later.
What type of vulnerability is CVE-2015-4152?
CVE-2015-4152 is a directory traversal vulnerability affecting the file output plugin in Logstash.
Who is affected by CVE-2015-4152?
CVE-2015-4152 affects any user running Logstash versions prior to 1.4.3 that utilizes the file output plugin.
What can an attacker do with CVE-2015-4152?
An attacker exploiting CVE-2015-4152 can write to arbitrary files on the server, potentially leading to data breaches or system compromise.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/elastic
- canonical/logstash output plugin for elasticsearch
- version/logstash output plugin for elasticsearch/1.4.2