DESCRIPTION LAST UPDATED: 2024-12-16
DEFAULT SEVERITY LEVEL: HIGH
This report identifies hosts that have Elasticsearch/OpenSearch running and accessible on the Internet.
On its own, Elasticsearch does not support authentication or restrict access to the datastore, so any entity that can reach the Elasticsearch instance may have complete control over it. The probe that we use is a “GET / HTTP/1.1” request sent to port 9200/tcp.
See https://www.elastic.co/products/elasticsearch for more information on Elasticsearch.
See https://opensearch.org/ for more information on OpenSearch (derived from Elasticsearch).
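The following self-check mirrors the probe described above. It is an added example, not the scanner code behind this report, and it classifies the reply to GET / on 9200/tcp for a host you operate. The function names, result labels and sample replies are assumptions constructed for illustration.

```python
import http.client
import json


def classify(status, body):
    """Classify a reply to GET / on 9200/tcp (labels are this example's own)."""
    if status in (401, 403):
        # The service demanded credentials before answering.
        return "auth-required"
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return "not-elasticsearch"
    version = doc.get("version") if isinstance(doc, dict) else None
    # An unauthenticated node answers 200 with a JSON banner that carries
    # cluster_name and a version object.
    if status == 200 and isinstance(version, dict) and "cluster_name" in doc:
        is_os = version.get("distribution") == "opensearch"
        product = "opensearch" if is_os else "elasticsearch"
        return "open:%s:%s" % (product, version.get("number", "unknown"))
    return "not-elasticsearch"


def probe(host, port=9200, timeout=5.0):
    """Send the same plain-HTTP GET / to a host you operate and classify it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return classify(resp.status, resp.read(65536).decode("utf-8", "replace"))
    except (OSError, http.client.HTTPException):
        # Closed or filtered port, or a listener that only speaks TLS.
        return "no-http-reply"
    finally:
        conn.close()


# Constructed sample replies (not captured from any real host).
SAMPLE_OPEN_ES = ('{"name":"node-1","cluster_name":"example",'
                  '"version":{"number":"7.10.2"},"tagline":"You Know, for Search"}')
SAMPLE_OPEN_OS = ('{"name":"node-1","cluster_name":"example",'
                  '"version":{"distribution":"opensearch","number":"2.11.0"}}')
SAMPLE_SECURED = ('{"error":{"type":"security_exception",'
                  '"reason":"missing authentication credentials"},"status":401}')
```

A result beginning with `open:` means the instance answered without credentials and would fall within the scope of this report; place it behind authentication or restrict network access to port 9200.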
You can view exposed Elasticsearch instances on our Dashboard.
Severity levels are described here.
For more information on our scanning efforts, check out our Internet scanning summary page.
Filename(s): scan_elasticsearch, scan6_elasticsearch