Hi, I'm trying to exploit the log4j vulnerability in Elasticsearch 5.6.9 for an academic project.
I was able to get a RCE (a simple print), but when it comes to executing a shell,
I get this error: java.security.AccessControlException: access denied ("java.io.FilePermission" "/bin/bash" "execute")
Now, I'm not an Elasticsearch or docker expert, so I was wondering if I could specify some options to disable java security policies when running the container.
Thanks!