Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Contribution] 2018 Duo Security - ElasticSearch index name disclosure #294

Closed
ramimac opened this issue Apr 18, 2024 · 0 comments
Closed

[Contribution] 2018 Duo Security - ElasticSearch index name disclosure #294

ramimac opened this issue Apr 18, 2024 · 0 comments
Labels
addition New security issue or vulnerability aws Issue related to an AWS service

Comments

@ramimac
Copy link
Contributor

ramimac commented Apr 18, 2024

Summary (give a brief description of the issue)

These issues include fixing the information disclosure of the index names for private AWS-managed ElasticSearch clusters, enforcing host header authentication to make the public clusters more difficult to access, and AWS has taken steps to reach out to customers with public ElasticSearch clusters.

References (provide links to blogposts, etc.)

https://duo.com/blog/beyond-s3-exposed-resources-on-aws
@ramimac ramimac added the addition New security issue or vulnerability label Apr 18, 2024
@ramimac ramimac changed the title [Contribution] Add security issue or vulnerability [Contribution] 2018 Duo Security - ElasticSearch index name disclosure Apr 18, 2024
ramimac added a commit to ramimac/open-cvdb that referenced this issue Apr 19, 2024
@ramimac
Fixes wiz-sec#294: AWS ES Index Name Leakage
042bec4
@korniko98 korniko98 added the aws Issue related to an AWS service label Apr 28, 2024
@mer-b mer-b closed this as completed in 6f6e3d1 Jul 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
addition New security issue or vulnerability aws Issue related to an AWS service
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ramimac @korniko98