Elastic Search Unrestricted Information Disclosure Vulnerability

Hi Team,

We are using Elasticsearch version 1.6.1 for one of our products, Recovery Manager,
where it is just used for message finding and indexing.

Customer is using the Nessus Vulnerability scanner and is coming out with the finding "Elasticsearch Unrestricted Information Disclosure Vulnerability".
For reference, report URL: Elasticsearch Unrestricted Access Information Disclosure | Tenable®

Please let me know how we can resolve the vulnerability or any workaround.

It is a priority. Thanks.

Welcome to our community! :smiley:

Elasticsearch 1.6 is no longer supported as it's well past its EOL. You will need to upgrade.

Thanks for the response.

Which version is stable to use and easy to migrate to from 1.6.1?

And which is not prone to the above-mentioned vulnerability?

The current version is 7.17; 8.0 is not far off being released.

There is nothing easy as 1.6 is sooooo old.
I'd consider reindexing the data if possible.
You might want to try the reindex from remote feature. Not sure how it works with a 1.6 cluster though.
