elasticsearch-unauth: ElasticSearch Information Disclosure

漏洞描述

PoC代码[已公开]

id: elasticsearch-unauth

info:
  name: ElasticSearch Information Disclosure
  author: p0wd3r
  severity: high
  verified: true
  description: |-
    /_nodes #查看节点数据
    /_cat/indices #索引
    _cat/indices
    /_plugin/head
    /_nodes/
    /_status
    /_search?pretty
  tags: elasticsearch,unauth
  created: 2023/07/07

rules:
  r0:
    request:
      method: GET
      path: /_cat
    expression: response.status == 200 && response.body.bcontains(b"/_cat/master")
expression: r0()

相关漏洞推荐

• POC CVE-2014-3120: ElasticSearch v1.1.1/1.2 RCE
• POC CVE-2015-1427: ElasticSearch - Remote Code Execution
• POC CVE-2015-3337: Elasticsearch - Local File Inclusion
• POC CVE-2015-5531: ElasticSearch <1.6.1 - Local File Inclusion
• POC CVE-2021-22145: Elasticsearch 7.10.0-7.13.3 - Information Disclosure
• POC CVE-2014-3120: ElasticSearch v1.1.1/1.2 RCE
• POC CVE-2015-1427: ElasticSearch - Remote Code Execution
• POC CVE-2015-3337: Elasticsearch File Read
• POC CVE-2015-5531: Elasticsearch CVE-2015-5531
• POC CVE-2021-22145: ElasticSearch 7.13.3 - Memory disclosure
• POC elasticsearch-default-login: ElasticSearch - Default Login
• POC elasticsearch: ElasticSearch Information Disclosure
• POC elasticsearch-sql-client-detect: Elasticsearch - SQL Client Detection