FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

elasticsearch -- directory traversal attack via snapshot API

Affected packages
1.0.0 <= elasticsearch < 1.6.1

Details

VuXML ID ae8c09cb-32da-11e5-a4a5-002590263bf5
Discovery 2015-07-16
Entry 2015-08-05

Elastic reports:

Vulnerability Summary: Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack.

Remediation Summary: Users should upgrade to 1.6.1 or later, or constrain access to the snapshot API to trusted sources.

References

CVE Name CVE-2015-5531
FreeBSD PR ports/201834
URL https://www.elastic.co/community/security