One 、 Vulnerability description

Use Green Alliance Scan for leaks ：

1、Elasticsearch Unauthorized access

2、mysql server Security vulnerabilities 、 Component security vulnerability

Two 、 Vulnerability investigation

Through the website National Information Security Vulnerability Database View specific vulnerability solutions

1、Elasticsearch You need to add a security authentication plug-in  http-basic

  because es Version together , The use of http-basic It's not the same way , With my es 6.8.23 For example ：

http-basic Download package ：

link ：https://pan.baidu.com/s/1E_ckdsjnlmUszsSFq_i1AA
Extraction code ：zbfn

2、mysql The version of is too low , Change to a higher version

8.0.28 This exists in previous versions CVE-2021-22570 Loophole , at present mysql The latest is 8.0.29 edition , So upgrade mysql To 29 On the version