Hello,
I'm new with Elastic and we are only using this on UiPath for monitoring. We recently got this vulnerability: Elasticsearch Unrestricted Access Information Disclosure
Can anyone help me on what to do to fix this?
Thanks!
Hello,
I'm new with Elastic and we are only using this on UiPath for monitoring. We recently got this vulnerability: Elasticsearch Unrestricted Access Information Disclosure
Can anyone help me on what to do to fix this?
Thanks!
Can you please create some more context where this message is coming from? I suppose you used some security scanner against Elasticsearch without securing it. You can check out the documentation here.
Hi sorry about that. I think the reason why this vulnerability was found is because we do not use authentication for kibana and elastic.
Does adding authentication and password for user on kibana available for the free version?
Security is available with the basic license from version 6.8 onwards, so you will need to upgrade.
Hi, we are using 6.6 at the moment. So the adding of password and user is not available for this version? Where can I see which version has this option? As of now UiPath last Elasticseach version they support is 6.6 so I'm hesitant to upgrade version
thanks!
I saw that I need to enable xpack.security.enabled
setting is true
on elasticsearch.yml but i do not know how to do this.
Is it okay to just edit the yml file via notepad?
Yes, you can use an editor. If you are using 6.6 this will however require a commercial license.
Thanks a lot Christian. I just checked and it seems UiPath supports 6.8 and 7x now. Do you think it's better to install 7x or 6.8 for the authentication?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.