Skip to content

Commit

Permalink
Fixes #294: AWS ES Index Name Leakage (#297)
Browse files Browse the repository at this point in the history 
* Fixes #294: AWS ES Index Name Leakage

* Update aws-elasticsearch-index-name-leakage.yaml

---------

Co-authored-by: Merav <83602216+mer-b@users.noreply.github.com>
  • Loading branch information
@ramimac @mer-b
ramimac and mer-b committed Jul 23, 2024
1 parent 11800fd commit 6f6e3d1
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions vulnerabilities/aws-elasticsearch-index-name-leakage.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
title: AWS ElasticSearch Index Name Leakage
slug: aws-es-index-name-leak
cves: null
affectedPlatforms:
- AWS
affectedServices:
- AWS ElasticSearch
image: https://images.unsplash.com/photo-1569235186275-626cb53b83ce?q=80&w=2070&auto=format&fit=crop&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D
severity: low
discoveredBy:
name: Scott Piper
org: Duo Security
domain: null
twitter: 0xdabbad00
publishedAt: 2018/05/15
disclosedAt: 2018/01/30
exploitabilityPeriod: null
knownITWExploitation: null
summary: |
Even for the AWS-managed ElasticSearch clusters that had not been made public,
their index names could be learned.
manualRemediation: |
None required
detectionMethods: null
contributor: https://github.com/ramimac
references:
- https://duo.com/blog/beyond-s3-exposed-resources-on-aws

0 comments on commit 6f6e3d1

Please sign in to comment.