github.com/blevesearch/bleve is vulnerable to authentication bypass. The vulnerability exists due to the missing role-based access control for rest handlers in index_create.go
and index_delete.go
, allowing an attacker to recursively write and delete any directory in the server by using the same account.