Elasticsearch remote code execution

Description
  • Elasticsearch is a highly scalable open-source full-text search and analytics engine. It allows you to store, search, and analyze big volumes of data quickly and in near real time. It is generally used as the underlying engine/technology that powers applications that have complex search features and requirements.<br/><br/> Elasticsearch has a flaw in its default configuration which makes it possible for any webpage to execute arbitrary code on visitors with Elasticsearch installed. Elasticsearch has no access roles or authentication mechanism. This means that you have full control over a cluster the moment you connect to it.
Remediation
  • Add the following line to your elasticsearch.yml to disable dynamic scripting and prevent remote code execution: <br/> <pre> script.disable_dynamic: true </pre> You should also make sure that your local Elasticsearch instance is only binding on localhost.
References