CSV report from discover security problem

comijac · April 13, 2021, 7:27am

Hello,

I use elk 7.10.0 with opendistro 1.12.0.
My user is under all_acces right.

I try to use CSV report from a saved search using the dialog: ‘share’ then ‘generate CSV report’.

But I receive the following popup : Reporting error forbidden.
I get also a 403 error in my console log :

“error”,“plugins”,“reporting”],“pid”:1,“message”:“{ Error: Authorization Exception\n at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:349:15)\n at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:306:7)\n at HttpConnector. (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)\n at IncomingMessage.wrapper (/usr/share/kibana/node_modules/lodash/lodash.js:4949:19)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)\n status: 403,\n displayName: ‘AuthorizationException’,\n message: ‘Authorization Exception’,\n path: ‘/.reporting-2021-04-11’,\n query: {},\n body: false,\n statusCode: 403,\n response: ‘’,\n toString: [Function],\n toJSON: [Function] }”}
…
slight_smile: “res”:{“statusCode”:403,“responseTime”:148,“contentLength”:9},“message”:“POST /api/reporting/generate/csv 403 148ms - 9.0B”}

Have you an idea concerning this problem.?
Thank

searchymcsearchface · April 13, 2021, 1:11pm

@reporting-team Is this a reporting issue or a security issue?

pablo · April 13, 2021, 1:26pm

@comijac
What type of authentication do you use?
Where do you see this error? Kibana or Elasticsearch logs?
Do you run two separate clusters? ELK and ODFE?

Just to clarify, I don’t see generate CSV report in share, instead is in Reporting.

Update1
Just noticed that generate CSV report is available under Share in ELK and Reporting in ODFE.
Is the error in ELK or ODFE?

CyberGod · April 13, 2021, 3:52pm

How did you installed opendistro1.12.0? Did you install the reports-scheduler(ES plugin) and kibana-reports(Kibana plugin) both?

comijac · April 19, 2021, 7:07pm

@reporting-team
According to my console log, it is a security problem. The problem does’nt concern opendistro reporting.
I use Share/Csv report, so the error is between elk7.10.0 and opendistrosecurity
Error was in kibana log.
I use ELK 7.10.0 with opendistrosecurity plugin 1.12.0

Topic		Replies	Views
Share -> CSV Reports -> Generate CSV forbidden opendistro v1.13.2 with elasticsearch v7.10.2 Reporting Plugin	2	598	September 22, 2021
Read-only user not able to download CSV Reports Reporting Plugin	4	4262	March 4, 2021
What are the permissions required to generate and download a CSV? Security troubleshoot , configure , security-issue	4	1667	September 26, 2023
Unable to download CSV reports from Kibana using Read-Only user Security troubleshoot	6	1602	February 2, 2022
Generate CSV does not work Reporting Plugin	1	559	February 7, 2023

CSV report from discover security problem

Related topics