What it is
Elasticsearch is commonly used for search and log storage. When port 9200 is publicly accessible, anyone on the internet may be able to query, modify, or delete stored data. Exposed instances often allow information disclosure through open indices and unauthenticated APIs.
Why it matters
Public Elasticsearch instances frequently contain sensitive logs, credentials, personal data, or internal system details. These services are regularly targeted and have been involved in multiple large-scale data breaches.
How to reduce risk
- Restrict access to Elasticsearch using network controls or private networking.
- Enable authentication and role-based access control for all clusters.
- Avoid exposing management ports to the public internet and monitor for unexpected access.
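One way to check the first two items against a node's own configuration, as an added example that is not part of the original page: a small Python audit of elasticsearch.yml. The sample configs are constructed, the function names are hypothetical, and it assumes flat `key: value` settings with a single bind value.

```python
import ipaddress

# Constructed sample configs, flat "key: value" form only (nested YAML is not handled).
EXPOSED = "network.host: 0.0.0.0\nhttp.port: 9200\nxpack.security.enabled: false\n"
HARDENED = "network.host: 10.0.4.12\nhttp.port: 9200\nxpack.security.enabled: true\n"

def parse_flat(text):
    """Parse flat 'key: value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def bind_is_public(host):
    """True when a single bind value is a wildcard/public address or cannot be shown private."""
    if host in ("_local_", "_site_", "localhost"):
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # _global_, interface tokens, hostnames: flag for manual review
    return addr.is_unspecified or addr.is_global

def audit(text):
    """Return findings for one elasticsearch.yml body."""
    s = parse_flat(text)
    findings = []
    # http.host, when set, overrides network.host for the HTTP listener (port 9200 by default).
    host = s.get("http.host", s.get("network.host", "_local_"))
    if bind_is_public(host):
        findings.append(f"HTTP listener binds to {host}: wildcard or public address")
    sec = s.get("xpack.security.enabled")
    if sec == "false":
        findings.append("xpack.security.enabled is false: API accepts unauthenticated requests")
    elif sec is None:
        findings.append("xpack.security.enabled not set: default differs by version, set it explicitly")
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

A clean result covers only the node's own settings; firewall rules, security groups and load balancers in front of the node still need their own review.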