Back to KEVs

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 31, 2015
Published Date: February 17, 2015
Last Updated: February 10, 2025
Vendor: n/a
Product: n/a
Description: The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-03-25 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2020-06-22 05:00:22 UTC) Source

References

http://www.securityfocus.com/archive/1/534689/100/0/threaded http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html https://access.redhat.com/errata/RHSA-2017:0868 http://www.securityfocus.com/bid/72585 http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/ https://exchange.xforce.ibmcloud.com/vulnerabilities/100850 http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html https://www.elastic.co/community/security/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-25 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/elasticsearch/search_groovy_script.rb	2025-04-29 11:01:20 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2015/CVE-2015-1427.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

search_groovy_script

Type: metasploit • Created: Unknown

Metasploit module for CVE-2015-1427

xpgdgit/CVE-2015-1427

Type: github • Created: 2022-07-29 09:14:56 UTC • Stars: 0

cyberharsh/Groovy-scripting-engine-CVE-2015-1427

Type: github • Created: 2020-06-22 05:00:22 UTC • Stars: 0

t0kx/exploit-CVE-2015-1427

Type: github • Created: 2017-01-09 20:08:56 UTC • Stars: 33

Elasticsearch 1.4.0 < 1.4.2 Remote Code Execution exploit and vulnerable container