Querying the cluster incorrectly, returns the path of the cert in error

Is this a bug to be addressed or
is it supposed to behave this way?

I tried querying the elastic search cluster with an xpack query like below:

GET http://elastic-cluster-ip:port/_xpack/ssl/certificates

It returned the error as:

{
    "error": {
        "root_cause": [
            {
                "type": "no_such_file_exception",
                "reason": "/etc/elasticsearch/certs/ca.p12"
            }
        ],
        "type": "no_such_file_exception",
        "reason": "/etc/elasticsearch/certs/ca.p12"
    },
    "status": 500
}

Does this also means that if someone is able to crack the user credentials or gets access to it without access to cluster backend, can know details about some if not all cluster configurations?
I am thinking this will also depend on the amount of permissions the user has with which the query was run?

Hi,

This is intended behavior and the API endpoint is documented here. The fact that you get an error there means that your SSL configuration in elasticsearch.yml is not valid. (which doesn't cause an issue now since you clearly have TLS in the http layer off ).

What would you mean with

gets access to it without access to cluster backend

exactly ?

The Cluster APIs are detailed here and yes, as this is their intended purpose, these API endpoints will provide cluster information. I'm not sure I understand your concerns though, as with all systems, when you get access (maliciously or legitimately) to a user account, you can do whatever that user account has the permissions to do .

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.