It was reported that Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack. Mitigation: Constrain access to the snapshot API to trusted sources.
Created elasticsearch tracking bugs for this issue: Affects: fedora-all [bug 1244239]
Statement: This issue does not affect the versions of elasticsearch as shipped with Red Hat Satellite 6.x and Subscription Asset Manager 1.x.