Moderate severityNVD Advisory· Published Aug 17, 2015· Updated May 6, 2026

CVE-2015-5531

Description

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.elasticsearch:elasticsearchMaven	< 1.6.1	1.6.1

Affected products

Elasticsearch/Elasticsearch
cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*
Range: <=1.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-jjq8-vfjq-j6v4ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-5531ghsaADVISORY
www.elastic.co/community/security/nvdVendor Advisory
packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.htmlnvdWEB
packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.htmlnvdWEB
packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.htmlnvdWEB
www.elastic.co/community/securityghsaWEB
www.exploit-db.com/exploits/38383ghsaWEB
www.securityfocus.com/archive/1/536017/100/0/threadednvd
www.securityfocus.com/bid/75935nvd
www.exploit-db.com/exploits/38383/nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.074
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000