CVE-2015-4152

{"id": "CVE-2015-4152", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-15T15:59:11.540", "references": [{"url": "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/535725/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://www.elastic.co/blog/logstash-1-4-3-released", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.elastic.co/community/security/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/535725/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.elastic.co/blog/logstash-1-4-3-released", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.elastic.co/community/security/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el plugin file output en Elasticsearch Logstash anterior a 1.4.3 permite a atacantes remotos escribir en ficheros arbitrarios a trav\u00e9s de vectores relacionados con referencia a campos din\u00e1micos en la opci\u00f3n de rutas."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2042FB04-763F-4C30-AF0A-2AD364852E8D", "versionEndIncluding": "1.4.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}