Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240716-01
HistoryJul 16, 2024 - 12:00 a.m.

ROS-20240716-01

2024-07-1600:00:00
redos.red-soft.ru
2
opensearch
software package
vulnerability
dashboards reports
observability
unintended access
user resources
exploitation
compromise
data integrity
unix

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

6.7

Confidence

Low

JSON

OpenSearch software package vulnerability related to unintentional access to resources of
of users in the Dashboards Reports plugin. Exploitation of the vulnerability could allow an attacker to compromise the integrity of data.
impact data integrity

OpenSearch software package vulnerability related to unintended access to user resources in Observability plugin.
users in the Observability plugin. Exploitation of the vulnerability could allow an attacker to compromise data integrity.
impact data integrity

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64opensearch< 2.14.0-1UNKNOWN

Related

cvelist 2
cve 2
osv 4
veracode 2
vulnrichment 2
github 2
nvd 2
cvelist
cvelist
CVE-2024-39900 OpenSearch Dashboards Reports does not properly restrict access to private tenant resources
2024-07-09 21:17:21
CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources
2024-07-09 21:14:28
cve
cve
CVE-2024-39900
2024-07-09 22:15:03
CVE-2024-39901
2024-07-09 22:15:03
osv
osv
CVE-2024-39901
2024-07-09 22:15:03
OpenSearch Observability does not properly restrict access to private tenant resources
2024-07-10 16:04:08
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
2024-07-18 15:22:02
veracode
veracode
Privilege Escalation
2024-07-23 09:37:28
Authorization Bypass
2024-07-11 06:20:37
vulnrichment
vulnrichment
CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources
2024-07-09 21:14:28
CVE-2024-39900 OpenSearch Dashboards Reports does not properly restrict access to private tenant resources
2024-07-09 21:17:21
github
github
OpenSearch Observability does not properly restrict access to private tenant resources
2024-07-10 16:04:08
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
2024-07-18 15:22:02
nvd
nvd
CVE-2024-39901
2024-07-09 22:15:03
CVE-2024-39900
2024-07-09 22:15:03

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

6.7

Confidence

Low

JSON
Related for ROS-20240716-01
cvelist2cve2osv4veracode2vulnrichment2github2nvd2