OpenSearch Data Prepper uses deprecated SSL protocol identifier

Impact The GeoIP processor and Kafka source and buffer were using the deprecated "SSL" protocol identifier when creating SSL contexts, potentially allowing the use of insecure SSL protocols instead of modern TLS versions. Multiple Data Prepper plugins used SSLContext.getInstance"SSL" which could...

CVE-2025-62371

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

CVE-2025-62371 OpenSearch Data Prepper plugins trusts all SSL certificates by default

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

OpenSearch Data Prepper 信任管理问题漏洞

OpenSearch Data Prepper is a component of the OpenSearch project, an OpenSearch open source project. A trust management issue vulnerability exists in OpenSearch Data Prepper versions prior to 2.12.2 that stems from the OpenSearch sink and source plugins trusting all SSL certificates by default,...

PT-2025-42388

Name of the Vulnerable Software and Affected Versions OpenSearch Data Prepper versions prior to 2.12.2 Description OpenSearch Data Prepper is an open source data collector for observability data. The OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no...

EUVD-2024-52841

Malicious code in bioql PyPI...

CVE-2024-55886

OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom authentication...

CVE-2024-55886

OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom authentication...

CVE-2024-55886 OpenTelemetry Logs source may lack authentication with some custom plugins

OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom authentication...

CVE-2024-55886

The CVE affects OpenSearch Data Prepper (OpenTelemetry Logs source) where custom GrpcAuthenticationProvider plugins that implement getHttpAuthenticationService() instead of getAuthenticationInterceptor() fail to perform authentication, allowing unauthorized data ingestion. Affected versions: 2.1....

OpenSearch Data Prepper 授权问题漏洞

OpenSearch Data Prepper is a component of the OpenSearch project, an OpenSearch open source project. An authorization issue vulnerability exists in OpenSearch Data Prepper version 2.1.0 through versions prior to 2.10.2, which stems from a vulnerability in which certain custom authentication...

PT-2024-36601

Name of the Vulnerable Software and Affected Versions OpenSearch Data Prepper versions 2.1.0 through 2.10.1 Description A vulnerability exists in the OpenTelemetry Logs source in Data Prepper where some custom authentication plugins will not perform authentication, allowing unauthorized users to...