From Attack Simulation to SIEM Rule: Deterministic Detection-As-Code Synthesis with Probe-Level Traceability

Security teams routinely simulate attacks against their own systems to check whether their monitoring would catch a real intruder. These Breach-and-Attack-Simulation BAS tools surface findings, but the security information and event management SIEM systems that watch production need detection rul...

Typosquatted npm packages used to steal cloud and CI/CD secrets

In this article 1. Attack chain overview 1. The lure: typosquats and spoofed metadata 2. Execution: npm lifecycle hook abuse 3. Gen-1 stager: HTTP C2 beacon and payload drop 4. Gen-2 stager: abusing the legitimate Bun runtime as a loader 5. Credential theft 6. Impact and blast radius 2. Mitigatio...

CVE-2026-43826 Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

Apache Airflow 日志信息泄露漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. The Apache Airflow OpenSearch Provider has a vulnerabilit...

OpenSearch has ineffective TLS certificate hostname verification

Description A regression was introduced in OpenSearch 2.18.0 that caused the plugins.security.ssl.transport.enforcehostnameverification setting to be ineffective. When this setting was enabled, OpenSearch did not verify that the hostname in a connecting node's TLS certificate matched the hostname...

io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (>=2.11.1.0 <=2.19.3.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =0.1.0, =0.1.0, =0.2.3.10 Source cves: unknown CVE Source advisory: OSV:GHSA-X83W-23JP-G6PW...

GHSA-X83W-23JP-G6PW OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation

Description A flaw was identified in the OpenSearch Security plugin's document-level security DLS implementation. DLS restrictions were not correctly applied to search queries that use hasparent or haschild join relations. This could allow an authenticated user to access document contents that...

PT-2026-41510

Name of the Vulnerable Software and Affected Versions OpenSearch versions prior to 2.19.4 OpenSearch versions prior to 3.2.0 Description A flaw exists in the OpenSearch Security plugin's document-level security DLS implementation. DLS restrictions are not correctly applied to search queries...

CVE-2026-42038 vulnerabilities

Vulnerabilities for packages: saf, prism, jitsucom-jitsu, lerna, opensearch-dashboards, langfuse, kubeflow-centraldashboard...

PT-2026-35526

Name of the Vulnerable Software and Affected Versions qnabot-on-aws versions prior to 7.3.0 Description Improper use of the static-eval npm package allows an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context. This is achieved by injecting a...

CVE-2026-35554 vulnerabilities

Vulnerabilities for packages: debezium, thingsboard, strimzi-kafka-operator, apache-nifi, druid, opensearch-fips, debezium-connector-informix, seata, wildfly, knative-kafka-broker, opensearch, debezium-connector-db2, debezium-connector-spanner, strimzi-kafka-operator-fips, debezium-connector-ibmi...

Security Bulletin: Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager (FNCM) component Content Search Services (CSS) / Enterprise Content Management Text Search (ECMTS)

Summary Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager FNCM component Content Search Services CSS / Enterprise Content Management Text Search ECMTS Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Improper Certificate Validation

org.opensearch.dataprepper.plugins, opensearch is vulnerable to Improper Certificate Validation. The vulnerability is due to the plugins defaulting to a “trust-all” SSL configuration when no certificate path is provided, which allows an attacker to perform man-in-the-middle interception and...

CVE-2025-53059

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: OpenSearch Dashboards. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSof...

Linux Distros Unpatched Vulnerability : CVE-2023-28864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode- cache/backup world-readable temporary backup path to...

Linux Distros Unpatched Vulnerability : CVE-2023-31141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the...

Linux Distros Unpatched Vulnerability : CVE-2023-23612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider IdP when the...

PT-2025-32598 · Maven · Org.Opensearch.Plugin:Opensearch-Security

Impact OpenSearch versions 2.19.2 and earlier improperly apply field masking rules on fields of the types ip, geo point, geo shape, xy point, xy shape. While the content of these fields is properly redacted in the source document returned by search operations, the original unredacted values remai...

CVE-2023-23933

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data e.g. averages,...

CVE-2023-23612

OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider IdP when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...