ElasticSearch Upgrade Available

This plugin ensures ElasticSearch domains are running the latest service software.

Risk Level: High

Description

This plugin ensures ElasticSearch domains are running the latest service software. ElasticSearch domains should be configured to run the latest service software as with the updates, certain bugs and security vulnerabilities are fixed.

About the Service

Amazon OpenSearch: With Amazon OpenSearch, one can analyze, query and visualize petabytes of text and unstructured data. It makes the complex process of performing interactive log analytics, real-time application monitoring, website search, an easy process. Apart from this, Amazon OpenSearch also provides the possibility to capture observability logs and metrics. 

Impact

Running domains on outdated software versions can have a serious impact on the security. Updated versions have all the previous explored security vulnerabilities fixed. If the domain still runs on older versions, the attacker can take advantage of this vulnerability.

Steps to Reproduce

Using AWS Console-

  1. Log In to your AWS Console.
  2. Open the Amazon OpenSearch Console. You can use this link (https://console.aws.amazon.com/esv3/) to navigate directly if already logged in. 
  3. From the left navigation pane, click on Domains from the left panel.
  4. A list of domains will be displayed. Select the domain you want to examine by clicking on it’s name.
  5. If a notification appears on the top of the console to Upgrade the version, the domain runs on older versions.
  6. Repeat steps 3 to 5 for all the domains you wish to examine.

Steps for Remediation

Ensure each ElasticSearch domain is running the latest service software and update out-of-date domains.

  1. Log In to your AWS Console.
  2. Open the Amazon OpenSearch Console. You can use this link (https://console.aws.amazon.com/esv3/) to navigate directly if already logged in. 
  3. From the left navigation pane, click on Domains from the left panel.
  4. A list of domains will be displayed. Select the vulnerable domain by clicking on it’s name.
  5. From the notification to Upgrade above, click on Check Upgrade Version.
  6. Select the latest version from the drop-down list and click on Check Eligibility.
  7. Type “upgrade” in the textbox and click on Upgrade.
  8. Repeat steps 3 to 7 for all the vulnerable domains.