Vulnerability - HTTP DELETE Method Enabled

We are using ElasticSearch software for our application in our Project. But we are getting the following vulnerabilities from the security team

HTTP DELETE Method Enabled
The Web server contains a flaw that may allow a remote attacker to delete arbitrary files by using the HTTP method 'DELETE', resulting in a loss of integrity.
Target Port: 9200/TCP

Please help me on fixing this vulnerability.

ElasticSearch Version: 7.8.1

Delete methods are used to manage a variety of assets in elasticsearch like indices, documents, users, alerts etc.
You should enable elasticsearch security to assign appropriate permissions

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.