744 matches found
Privilege Escalation
org.opensearch.plugin:opensearch-reports-scheduler is vulnerable to Privilege Escalation. The vulnerability is due to improper checks on user authorization within the file UserAccessManager.kt when accessing resources in a private tenant, which allows an attacker to gain unauthorized access to...
GHSA-XMVG-335G-X44Q The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Summary An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The lack of...
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Summary An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The lack of...
CVE-2024-21180
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: OpenSearch Dashboards. Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...
CVE-2024-21180
CVE-2024-21180 (PeopleSoft OpenSearch Dashboards) affects PeopleSoft Enterprise PeopleTools versions 8.59–8.61. The issue arises from insufficient input validation in the OpenSearch Dashboards component, enabling a remote attacker with network access over HTTP (low privileges) to gain unauthorize...
ROS-20240716-01
OpenSearch software package vulnerability related to unintentional access to resources of of users in the Dashboards Reports plugin. Exploitation of the vulnerability could allow an attacker to compromise the integrity of data. impact data integrity OpenSearch software package vulnerability relat...
OpenSearch Observability does not properly restrict access to private tenant resources
Summary An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The la...
GHSA-77VC-RJ32-2R33 OpenSearch Observability does not properly restrict access to private tenant resources
Summary An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The la...
CVE-2024-39901
OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2024-39900
OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2024-39900 OpenSearch Dashboards Reports does not properly restrict access to private tenant resources
OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2024-39900
OpenSearch Dashboards Reports contains an access-control flaw in the reporting plugin: when accessing resources in a private tenant (e.g., notebooks), the system does not properly verify the user is the resource author, allowing unintended disclosure of private tenant resources. This is documente...
CVE-2024-39900 OpenSearch Dashboards Reports does not properly restrict access to private tenant resources
OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2024-39900 OpenSearch Dashboards Reports does not properly restrict access to private tenant resources
OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources
OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources
OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
CVE-2024-39901
OpenSearch Observability plugins contain an access-control flaw that may allow users to access private tenant resources (e.g., notebooks) without verifying they are the resource author. Root cause: improper validation of the resource author when accessing private-tenant resources. Impact noted ac...
CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources
OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...
OpenSearch Dashboards Reports Security Vulnerability
OpenSearch Dashboards Reports is an OpenSearch open source application. It is used to export and automate PNG, PDF and CSV reports in OpenSearch Dashboard. A security vulnerability exists in OpenSearch Dashboards Reports prior to version 2.14, which stems from when accessing a resource in a priva...
OpenSearch Dashboards Reports Security Vulnerability
OpenSearch Dashboards Reports is an OpenSearch open source application. It is used to export and automate PNG, PDF and CSV reports in OpenSearch Dashboard. A security vulnerability exists in OpenSearch Dashboards Reports prior to version 2.14, which stems from the system not properly checking if ...