Question

310 views12th September 2024Elastic elastic cluster Elasticsearch

2

Andrew Teoh [DevOps Advocate]110 12th September 2024 0 Comments

A recent vulnerability scan detected a "Elasticsearch Unrestricted Access Information Disclosure" in our Dataminer servers. A quick check revealed that this vulnerability is related to Elasticsearch not restricting access to resources by performing user authentication (https://www.tenable.com/plugins/nessus/101025).

Is there a way we can secure the Elasticsearch instance and have the DMA authenticate when accessing the Elasticsearch instance?

Thanks.

Ive Herreman [SLC] [DevOps Catalyst] Answered question 12th September 2024

1 Answer

score 3 · Answer 1 · 2024-09-12T07:41:44+00:00

Hi Andrew, please use the link below for more info on securing your elastic search.

https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Database_security/Security_Elasticsearch.html

Hi Ive… Thanks for pointing me in the right direction.. Will try it out…