CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

744 matches found

Snyk•added 2025/10/15 8:9 p.m.•4 views

Improper Certificate Validation

Overview org.opensearch.dataprepper.plugins:opensearch is a Data Prepper project: opensearch Affected versions of this package are vulnerable to Improper Certificate Validation in the SSL certificate validation process when the cert parameter is not explicitly provided. An attacker can intercept...

9.1CVSS6.5AI score0.00178EPSS

Exploits0References2

vulnersOsv•added 2025/10/15 8:9 p.m.•7 views

org.opensearch.dataprepper.plugins:otel-trace-group-processor (>=2.12.0 <=2.12.1) potentially affected by CVE-2025-62371 via org.opensearch.dataprepper.plugins:opensearch (>=2.12.0 <=2.12.1)

org.opensearch.dataprepper.plugins:opensearch MAVEN version =2.12.0, =2.12.0, =2.12.1 Source cves: CVE-2025-62371 Source advisory: OSV:GHSA-43FF-RR26-8HX4...

7.4CVSS5.8AI score0.00178EPSS

Exploits0

OSV•added 2025/10/15 8:9 p.m.•6 views

GHSA-43FF-RR26-8HX4 OpenSearch Data Prepper plugins trust all SSL certificates by default

Impact The OpenSearch sink and source plugins in Data Prepper are configured to trust all SSL certificates by default when no certificate path was provided, making connections vulnerable to man-in-the-middle attacks. Prior to this fix, the OpenSearch sink and source plugins would automatically us...

7.4CVSS5.9AI score0.00178EPSS

Exploits0References6

NVD•added 2025/10/15 6:15 p.m.•6 views

CVE-2025-62371

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

7.4CVSS0.00178EPSS

Exploits0References4

Vulnrichment•added 2025/10/15 5:25 p.m.•1 views

CVE-2025-62371 OpenSearch Data Prepper plugins trusts all SSL certificates by default

7.4CVSS6.3AI score0.00178EPSS

Exploits0References4

CVE•added 2025/10/15 5:25 p.m.•13 views

CVE-2025-62371

CVE-2025-62371 relates to OpenSearch Data Prepper plugins (sink/source) defaulting to a trust-all SSL configuration when no cert path is provided. This weakens certificate validation and enables MITM interception of data in transit to OpenSearch clusters. Affected versions precede 2.12.2; the iss...

7.4CVSS6.3AI score0.00178EPSS

Exploits0References4Affected Software1

Cvelist•added 2025/10/15 5:25 p.m.•10 views

CVE-2025-62371 OpenSearch Data Prepper plugins trusts all SSL certificates by default

7.4CVSS0.00178EPSS

Exploits0References4

OSV•added 2025/10/15 5:25 p.m.•4 views

CVE-2025-62371 OpenSearch Data Prepper plugins trusts all SSL certificates by default

7.4CVSS6.7AI score0.00178EPSS

Exploits0References6

Positive Technologies•added 2025/10/15 12:0 a.m.•5 views

PT-2025-42388

Name of the Vulnerable Software and Affected Versions OpenSearch Data Prepper versions prior to 2.12.2 Description OpenSearch Data Prepper is an open source data collector for observability data. The OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no...

7.4CVSS6.4AI score0.00178EPSS

Exploits0References14

CNNVD•added 2025/10/15 12:0 a.m.•8 views

OpenSearch Data Prepper 信任管理问题漏洞

OpenSearch Data Prepper is a component of the OpenSearch project, an OpenSearch open source project. A trust management issue vulnerability exists in OpenSearch Data Prepper versions prior to 2.12.2 that stems from the OpenSearch sink and source plugins trusting all SSL certificates by default,...

7.4CVSS6.3AI score0.00178EPSS

Exploits0References5

IBM Security Bulletins•added 2025/10/07 5:4 p.m.•5 views

Security Bulletin: Multiple vulnerabilities in OpenJDK may affect opensearch in IBM Business Automation Workflow on Containers - CVE-2025-30749, CVE-2025-30754, CVE-2025-2025-50059

Summary IBM Business Automation Workflow provides a container image for opensearch. OpenJDK on this image is outdated. Vulnerability Details CVEID:CVE-2025-30749 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

8.6CVSS6.3AI score0.01058EPSS

Exploits2Affected Software2