PT-2024-36601
Name of the Vulnerable Software and Affected Versions: OpenSearch Data Prepper versions 2.1.0 through 2.10.1. Description: A vulnerability exists in the OpenTelemetry Logs source in Data Prepper where some custom authentication plugins will not perform authentication, allowing unauthorized users to...
A vulnerability in the OpenSearch software package makes it possible to redirect users to untrusted websites, allowing attackers to send users to malicious sites.
A vulnerability in the OpenSearch software package is related to URL redirection to an untrusted website. Exploiting this vulnerability allows a malicious actor to redirect users to a malicious website remotely...
CVE-2024-21538 vulnerabilities
Vulnerabilities for packages: airflow, opensearch-dashboards, opensearch-dashboards-fips, vitess, argo-workflows, tileserver-gl-fips, sqlpad, ts-patch, eslint, kibana, renovate, graalvm, pgadmin4, tileserver-gl, node-gyp, lerna...
ROS-20241029-08
Vulnerability in the OpenSearch software package related to improper validation of the nextUrl parameter. Exploitation of the vulnerability could allow an attacker to redirect a user to a malicious site. A vulnerability in the server.maxHeadersCount configuration of the ws client-server library in...
CVE-2024-47875 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, argo-workflows...
GHSA-PXG6-PF52-XH8X vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, vitess, argo-workflows, jitsucom-jitsu, kubeflow-centraldashboard, kubeflow-pipelines, sqlpad, kibana, opensearch-dashboards-fips, thingsboard...
CVE-2024-47764 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, vitess, argo-workflows, jitsucom-jitsu, kubeflow-centraldashboard, kubeflow-pipelines, sqlpad, kibana, opensearch-dashboards-fips, thingsboard...
GHSA-78WR-2P64-HPWJ vulnerabilities
Vulnerabilities for packages: hadoop-client-modules, kafka, kserve, confluent-kafka, confluent-kafka-jre-bcfips, apache-nifi, management-api-for-apache-cassandra-5.0, kserve-modelmesh, wildfly, management-api-for-apache-cassandra-4.1, opensearch, sonarqube, zookeeper-fips, strimzi-kafka-operator,...
CVE-2024-47554 vulnerabilities
Vulnerabilities for packages: hadoop-client-modules, kafka, kserve, confluent-kafka, confluent-kafka-jre-bcfips, apache-nifi, management-api-for-apache-cassandra-5.0, kserve-modelmesh, wildfly, management-api-for-apache-cassandra-4.1, opensearch, sonarqube, zookeeper-fips, strimzi-kafka-operator,...
GHSA-735F-PC8J-V9W8 vulnerabilities
Vulnerabilities for packages: hadoop-client-modules, kafka, emsdk, tez, ruby3.3-fluentd-kubernetes-daemonset, camunda-zeebe, confluent-kafka, thingsboard, confluent-kafka-jre-bcfips, apache-nifi, kserve-modelmesh, trino, opensearch, elasticsearch, wavefront-proxy, knative-kafka-broker,...
GHSA-MMHX-HMJR-R674 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, opensearch-dashboards-fips, argo-workflows...
CVE-2024-45801 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, opensearch-dashboards-fips, argo-workflows...
CVE-2024-45296 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, vitess, argo-workflows, thingsboard, kubeflow-centraldashboard, kubeflow-pipelines, grafana-fips, sqlpad, kibana, opensearch-dashboards-fips, grafana, grafana-11.0...
CVE-2024-43794
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
CVE-2024-43794 OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is availab...
CVE-2024-43794
CVE-2024-43794 affects the OpenSearch Dashboards Security Plugin, which adds a configuration management UI for OpenSearch Security features. The issue is improper validation of the nextUrl parameter, allowing external redirects on login for specially crafted inputs. A patch is available and recom...
OpenSearch Dashboards Security Plugin security vulnerability
OpenSearch Dashboards Security Plugin is the open-source security plugin for OpenSearch Dashboards. A security vulnerability exists in OpenSearch Dashboards Security Plugin versions prior to 1.3.19 and prior to 2.16.0 that stems from improper validation of the nextUrl parameter, which m...
PT-2024-7916 · Opensearch +2 · Opensearch Dashboards Security Plugin +2
Name of the Vulnerable Software and Affected Versions: OpenSearch Dashboards Security Plugin versions prior to 1.3.19; OpenSearch Dashboards Security Plugin versions prior to 2.16.0. Description: The issue is related to improper validation of the nextUrl parameter, which can lead to an external...