Elasticsearch ECE 7.13.3 Database Disclosure (27th Jul 2021)

Preface: 3431 companies reportedly use Elasticsearch in their tech stacks, including Uber, Shopify, and Udemy.

Background: Elasticsearch is built on Lucene and is fast and scalable for search operations. It is well suited to data analysis, logging, error monitoring and alerting, and can be used to search all kinds of documents.
Remark: Apache Lucene is a free and open-source search engine software library, originally written completely in Java by Doug Cutting.

Elasticsearch Service on Google Cloud Platform (GCP) became available in 2017, allowing customers to deploy the latest versions of Elasticsearch, Kibana, and Elastic's continually expanding set of features (such as security, machine learning, Elasticsearch SQL, and Canvas) and solutions for logging and infrastructure.

Vulnerability details: All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default in deployed clusters. In the default configuration the anonymous user has no permissions and cannot successfully query any Elasticsearch APIs, but an attacker could still leverage the anonymous user to gain insight into certain details of a deployed cluster.

Remedy: See the vendor announcement at https://discuss.elastic.co/t/elastic-cloud-enterprise-security-update/279180
