Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Elasticsearch 安全漏洞
Vulnerability Description
Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎。该产品主要应用于云计算,并支持通过HTTP使用JSON进行数据索引。 Elastic Cloud Enterprise存在安全漏洞,该漏洞源于在已部署的集群中,所有版本的Elastic Cloud Enterprise默认都启用了Elasticsearch匿名用户。在默认设置中,匿名用户没有权限,并且无法成功查询任何Elasticsearch api,攻击者可利用该漏洞可以利用匿名用
CVSS Information
N/A
Vulnerability Type
N/A