zet

Elasticsearch log4shell/log4j Vulnerability

“Elasticsearch uses Log4j 2 for logging.”

Elasticsearch is definitely and critically affected by this vulnerability. Anyone who can produce anything that ends up in any Elasticsearch log can start backdoor services on the target ES server.

Related:

• https://www.elastic.co/guide/en/elasticsearch/reference/current/logging.html

Tags:

#secops #hacking #cloud #log4j #log4shell #devops

This site is open source. Improve this page.