Elasticsearch Unrestricted Access Information Disclosure

medium Nessus Plugin ID 101025

Synopsis

The search engine running on the remote web server is affected by an information disclosure vulnerability.

Description

The Elasticsearch application running on the remote web server is affected by an information disclosure vulnerability due to a failure to restrict resources via authentication. An unauthenticated, remote attacker can exploit this to disclose sensitive information from the database.

Solution

Enable native user authentication or integrate with an external user management system such as LDAP and Active Directory.

See Also

http://www.nessus.org/u?d055e692

http://www.nessus.org/u?b80612a1

Plugin Details

Severity: Medium

ID: 101025

File Name: elasticsearch_unprotected.nasl

Version: Revision: 1.2

Type: remote

Family: CGI abuses

Published: 6/23/2017

Updated: 6/27/2017

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:elasticsearch:elasticsearch

Required KB Items: installed_sw/Elasticsearch

Vulnerability Publication Date: 6/1/2017