Description
Elasticsearch is a highly scalable open-source full-text search and analytics engine. It allows you to store, search, and analyze large volumes of data quickly and in near real time. It is generally used as the underlying engine that powers applications with complex search features and requirements.
Acunetix discovered that it is possible to access the Elasticsearch service. This service should not be accessible on a production website, as it may give an attacker access to sensitive information about the affected system. Elasticsearch has no access roles or authentication mechanism. This means that you have full control over a cluster the moment you connect to it.
Remediation
Disable external access to the Elasticsearch service.
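One way to check that remediation on your own nodes is to audit which addresses `elasticsearch.yml` binds the HTTP API to. The script below is an added example, not code from Acunetix or the Elasticsearch project. It assumes a flat dotted-key config (no nested YAML), and the three sample configs are constructed for illustration.

```python
import ipaddress

# Most specific first: the first key that is set decides where the HTTP API binds.
HTTP_BIND_KEYS = ("http.bind_host", "http.host", "network.bind_host", "network.host")

def parse_flat_yml(text):
    """Parse flat 'dotted.key: value' lines (assumption: no nested YAML)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        key, value = line.split(":", 1)              # keeps values like '::1' intact
        value = value.strip().strip("[]")            # accept inline lists
        hosts = [h.strip().strip("\"'") for h in value.split(",") if h.strip()]
        settings[key.strip()] = hosts
    return settings

def is_loopback(host):
    """True only for addresses that are provably loopback."""
    if host == "localhost":
        return True
    if host.startswith("_") and host.strip("_").split(":")[0] == "local":
        return True                                  # _local_, _local:ipv4_, ...
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False   # hostname, _site_, _global_, _eth0_: treat as exposed

def audit(text):
    """Return (deciding_key, [non-loopback bind addresses])."""
    settings = parse_flat_yml(text)
    for key in HTTP_BIND_KEYS:
        if settings.get(key):
            return key, [h for h in settings[key] if not is_loopback(h)]
    return None, []    # none set: Elasticsearch 2.0+ binds to loopback by default

# Constructed sample configs: weak, corrected, and an override that re-exposes.
WEAK = "cluster.name: prod-search\nnetwork.host: 0.0.0.0\nhttp.port: 9200\n"
FIXED = "cluster.name: prod-search\nnetwork.host: 127.0.0.1\nhttp.port: 9200\n"
MIXED = 'network.host: _local_\nhttp.host: ["127.0.0.1", "_site_"]  # override\n'

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED), ("MIXED", MIXED)):
        key, exposed = audit(cfg)
        print(name, key, "EXPOSED: " + ", ".join(exposed) if exposed else "loopback only")
```

A clean result only covers the node's own bind settings; a reverse proxy or port forward in front of the node can still publish the service.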