Описание
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
Отчет
This issue does not affect the versions of elasticsearch as shipped with Red Hat Satellite 6.x and Subscription Asset Manager 1.x.
Меры по смягчению последствий
Constrain access to the snapshot API to trusted sources.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Satellite 6 | elasticsearch | Not affected | ||
| Red Hat Subscription Asset Manager | elasticsearch | Not affected |
Показывать по
Дополнительная информация
Статус:
1.9 Low
CVSS2
Связанные уязвимости
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows ...
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
1.9 Low
CVSS2