CVE-2015-4152
Logstash < 1.4.3 - Path Traversal and Arbitrary File Write via File Output Plugin
Title source: llmDescription
Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535725/100/0/threaded
Vendor Advisory x_refsource_confirm
https://www.elastic.co/blog/logstash-1-4-3-released
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html
Vendor Advisory x_refsource_confirm
https://www.elastic.co/community/security/
Scores
EPSS
0.0063
EPSS Percentile
70.5%
Details
CWE
CWE-22
Status
published
Products (1)
elastic/logstash
< 1.4.2
Published
Jun 15, 2015
Tracked Since
Feb 18, 2026