Hi Team,
In dashboard, found that default files of kibana, elastic search are present in the box which are directly accessible from browser.
https://server/kibana/README.txt
https://server/kibana/LICENSE.txt
https://server/proxy/ui/fonts/inter_ui/LICENSE.txt
Please help me to make above url inaccessible .
@ravi_yadav2 In what Kibana version you experience the problem with README.txt being exposed?
Regarding LICENSE.txt: some OSS products, that we use, require to be distributed with the license file.
You might set up your reverse proxy to limit access to any resources in your network.
I am working with Kibana version 7.4.2
I checked artifacts and found only one README.txt in the Kibana root folder, which shouldn't be served.
Are you sure Kibana serves them? Do you have any reverse proxy (Nginx maybe?) running? You can verify this by stopping Kibana and being able to load the files.
Yes , After stopping kibana i am able to access below two files
https://server/kibana/README.txt
https://server/kibana/LICENSE.txt
Then you have to tune your server (Apache, Nginx, etc.) to limit access only to specific resources. Otherwise, it can be a serious source of vulnerabilities.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.