Unauthenticated Access to Elasticsearch
Elasticsearch is a distributed search engine, commonly used for log aggregation and analysis. Unauthenticated access to Elasticsearch allows attackers to retrieve and potentially alter data in the cluster.
Attackers can access sensitive data stored in the Elasticsearch cluster, such as plain-text passwords, operational intelligence, and business-critical information. Attackers with write access can tamper with data and reconfigure the cluster.