Elastic 6.6 Elasticsearch Unrestricted Access Information Disclosure

Hello,

I'm new to Elastic and we are only using this on UiPath for monitoring. We recently got this vulnerability: Elasticsearch Unrestricted Access Information Disclosure.

Can anyone help me on what to do to fix this?

Thanks!

Can you please create some more context where this message is coming from? I suppose you used some security scanner against Elasticsearch without securing it. You can check out the documentation here.


Hi, sorry about that. I think the reason why this vulnerability was found is because we do not use authentication for Kibana and Elastic.

Is adding authentication and a password for a user on Kibana available in the free version?

Security is available with the basic license from version 6.8 onwards, so you will need to upgrade.


Hi, we are using 6.6 at the moment. So adding a password and user is not available for this version? Where can I see which version has this option? As of now, the last Elasticsearch version UiPath supports is 6.6, so I'm hesitant to upgrade.

Thanks!

I saw that I need to set the xpack.security.enabled setting to true in elasticsearch.yml, but I do not know how to do this.

Is it okay to just edit the yml file via Notepad?

Yes, you can use an editor. If you are using 6.6 this will however require a commercial license.


Thanks a lot Christian. I just checked and it seems UiPath supports 6.8 and 7x now. Do you think it's better to install 7x or 6.8 for the authentication?
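Added example, not part of the thread and not Elastic's code: a Python check, to be run against a node you operate, that reproduces what the scanner reported (an unauthenticated GET / answered with cluster metadata) and says whether that version's free basic license includes security. The function names and sample replies are constructed for illustration; the 7.1 threshold for the 7.x line is an added fact, the thread itself only mentions 6.8.

```python
import json
import urllib.error
import urllib.request


def basic_license_has_security(version):
    """True when the free basic license includes security: 6.8+ in 6.x, 7.1+ after."""
    major, minor = (int(part) for part in version.split(".")[:2])
    return (major == 6 and minor >= 8) or (major, minor) >= (7, 1)


def classify(status, body):
    """Interpret the reply to GET / sent without credentials to the HTTP port."""
    if status == 401:
        # With xpack.security.enabled: true the node refuses anonymous requests.
        return {"state": "secured", "version": None}
    if status != 200:
        return {"state": "unknown", "version": None}
    try:
        version = json.loads(body)["version"]["number"]
        licensed = basic_license_has_security(version)
    except (ValueError, KeyError, TypeError, AttributeError):
        return {"state": "unknown", "version": None}  # not an Elasticsearch banner
    # 200 plus cluster metadata with no credentials is the reported finding.
    return {"state": "open", "version": version, "basic_license_ok": licensed}


def probe(base_url, timeout=5.0):
    """Send one unauthenticated GET / to your own node and classify the answer."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + "/", timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # 401 responses are raised as HTTPError
        return classify(err.code, b"")
    except OSError:  # connection refused, timeout, name resolution failure
        return {"state": "unknown", "version": None}


# Constructed sample replies (not captured from a real cluster).
OPEN_66 = b'{"name":"node-1","version":{"number":"6.6.0"},"tagline":"You Know, for Search"}'
OPEN_68 = b'{"name":"node-1","version":{"number":"6.8.0"},"tagline":"You Know, for Search"}'

if __name__ == "__main__":
    for label, reply in (("6.6 open", (200, OPEN_66)), ("6.8 open", (200, OPEN_68)),
                         ("secured", (401, b""))):
        print(label, classify(*reply))
```

Running `probe()` before and after the change confirms the fix: the state should move from "open" to "secured" once security is enabled and the node restarted.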
