Is this a bug to be addressed or
is it supposed to behave this way?
I tried querying the Elasticsearch cluster with an xpack query like below:
GET http://elastic-cluster-ip:port/_xpack/ssl/certificates
It returned the error as:
{
"error": {
"root_cause": [
{
"type": "no_such_file_exception",
"reason": "/etc/elasticsearch/certs/ca.p12"
}
],
"type": "no_such_file_exception",
"reason": "/etc/elasticsearch/certs/ca.p12"
},
"status": 500
}
Does this also means that if someone is able to crack the user credentials or gets access to it without access to cluster backend, can know details about some if not all cluster configurations?
I am thinking this will also depend on the amount of permissions the user has with which the query was run?