Hello from Japan
I'm concerned about Elastic's security announcement.
Specifically, it's about the Kibana vulnerability (CVE-2024-37287).
I created an elasticsearch.serviceAccountToken for Kibana using the command below.
If I access Elasticsearch with that token, am I correct in thinking that I cannot access the hidden index [.ml-anomalies*] (no permissions)?
- Command to create an elasticsearch.serviceAccountToken for Kibana
POST /_security/service/elastic/kibana/credential/token/<kibana_name>
I need help from all the great Elastic engineers
Regards.