← back
CVE-2015-1427

CVE-2015-1427

CVSS 9.8 CRITICALEPSS 99.9%● KEV
In short

Elasticsearch allowed attackers to run any command on the server by bypassing safety restrictions in its Groovy script feature. This is critical because it gives complete control of the affected system to anyone who can send a malicious script.

Technical detail

The Groovy scripting engine in vulnerable Elasticsearch versions (before 1.3.8 and 1.4.x before 1.4.3) failed to properly enforce sandbox restrictions, allowing remote code execution. An attacker could craft malicious Groovy scripts to escape the sandbox and execute arbitrary shell commands with the privileges of the Elasticsearch process, leading to full system compromise.

Summary generated and translated by AI from the official description.
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found9
githubgithub.com/t0kx/exploit-CVE-2015-142732githubgithub.com/xpgdgit/CVE-2015-14270githubgithub.com/Sebikea/CVE-2015-1427-for-trixie0githubgithub.com/cved-sources/cve-2015-14270githubgithub.com/cyberharsh/Groovy-scripting-engine-CVE-2015-14270exploitdbwww.exploit-db.com/exploits/36337unverifiedcve_referencepacketstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/36415unverifiedcve_referencepacketstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.htmlhttp://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.htmlhttps://access.redhat.com/errata/RHSA-2017:0868https://exchange.xforce.ibmcloud.com/vulnerabilities/100850https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1427https://www.elastic.co/community/security/http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/http://www.securityfocus.com/archive/1/534689/100/0/threadedhttp://www.securityfocus.com/bid/72585