Elasticsearch Vulnerabilities

Can you create a CVE for a system without security? If you care about security you should not run a vanilla OSS Elasticsearch cluster.