Querying the cluster incorrectly, returns the path of the cert in error

Is this a bug to be addressed, or is it supposed to behave this way?

I tried querying the Elasticsearch cluster with an xpack query like below:

GET http://elastic-cluster-ip:port/_xpack/ssl/certificates

It returned the error as:

{
    "error": {
        "root_cause": [
            {
                "type": "no_such_file_exception",
                "reason": "/etc/elasticsearch/certs/ca.p12"
            }
        ],
        "type": "no_such_file_exception",
        "reason": "/etc/elasticsearch/certs/ca.p12"
    },
    "status": 500
}

Does this also mean that if someone is able to crack the user credentials or gets access to it without access to cluster backend, they can know details about some if not all cluster configurations?
I am thinking this will also depend on the amount of permissions the user has with which the query was run?

Hi,

This is intended behavior and the API endpoint is documented here. The fact that you get an error there means that your SSL configuration in elasticsearch.yml is not valid (which doesn't cause an issue now since you clearly have TLS in the http layer off).

What would you mean with "gets access to it without access to cluster backend" exactly?

The Cluster APIs are detailed here and yes, as this is their intended purpose, these API endpoints will provide cluster information. I'm not sure I understand your concerns though, as with all systems, when you get access (maliciously or legitimately) to a user account, you can do whatever that user account has the permissions to do.
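One way to audit logged or proxied Elasticsearch error bodies for the kind of filesystem path disclosure shown in the question, as an added example that is not part of the original thread. The function name and the path-matching heuristic are assumptions, and the sample body is the error quoted in the question.

```python
import json
import re

# Sample input: the error body quoted in the question above.
SAMPLE_RESPONSE = """
{
  "error": {
    "root_cause": [
      {"type": "no_such_file_exception",
       "reason": "/etc/elasticsearch/certs/ca.p12"}
    ],
    "type": "no_such_file_exception",
    "reason": "/etc/elasticsearch/certs/ca.p12"
  },
  "status": 500
}
"""

# Heuristic (an assumption): an absolute POSIX path with at least two
# components, not preceded by a word character or slash, so URLs are skipped.
PATH_RE = re.compile(r"(?<![\w/])/(?:[\w.\-]+/)+[\w.\-]+")

def find_path_disclosures(body):
    """Return sorted unique (exception_type, path) pairs from an error body."""
    try:
        doc = json.loads(body)
    except ValueError:
        return []  # not JSON, nothing to inspect
    found = set()

    def walk(node):
        # Every nested error object (root_cause, caused_by, ...) can carry
        # its own "type" and "reason", so visit the whole tree.
        if isinstance(node, dict):
            reason = node.get("reason")
            if isinstance(reason, str):
                for match in PATH_RE.finditer(reason):
                    found.add((str(node.get("type", "unknown")), match.group(0)))
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for value in node:
                walk(value)

    walk(doc.get("error") if isinstance(doc, dict) else None)
    return sorted(found)

if __name__ == "__main__":
    for exc_type, path in find_path_disclosures(SAMPLE_RESPONSE):
        print(f"path disclosed via {exc_type}: {path}")
```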
