ElasticSearch 1.4.0/1.4.2 RCE

By
Prathap
Published on
16 Jun 2021
1 min read
Vulnerability

Remote Code Evaluation will result in the entire web application and web server being compromised.It’s worth noting that code evaluation functions are available in almost any programming language.Here RCE is performed over Elastic Search Engine it is a real time distributed and analytical engine developed in java.It is mainly used for single page application projects.Elastic search is based on the Lucene engine, which has a REST gui on top of it.Instead of tables and schemas, it supports full text search, which is mostly document-based.Elasticsearch versions prior to 1.3.8 and 1.4.x versions prior to 1.4.3 are vulnerable to this attack.Remote attackers would break Elasticsearch’s sandbox security by writing a custom script that uses the Groovy scripting language.

IMPACT

It is possible to change certain system files or information, but the attacker has no control over what can be changed, or the scope of what the attacker can affect is restricted.There is a decrease in efficiency or a disruption in the availability of resources also happen after the attack was performed.

Mitigation / Precaution

  • Upgrade to 1.3.8 or 1.4.3 if you haven’t already. If you don’t want to update, change script.groovy.sandbox.enabled to false in elasticsearch.yml and restart the node to fix the vulnerability.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Prathap
Prathap
Co-founder, Director
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment