20 matches found

RedhatCVE
added 2026/01/09 9:4 a.m. · 8 views

CVE-2024-39900

OpenSearch Dashboards Reports allows ‘Report Owner’ to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 5.4 · AI score 6.7 · EPSS 0.00305
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-2451

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.3 · EPSS 0.00305
Exploits: 0 · References: 5

Veracode
added 2024/07/23 9:37 a.m. · 17 views

Privilege Escalation

org.opensearch.plugin:opensearch-reports-scheduler is vulnerable to Privilege Escalation. The vulnerability is due to improper checks on user authorization within the file UserAccessManager.kt when accessing resources in a private tenant, which allows an attacker to gain unauthorized access to...

CVSS 5.4 · AI score 6.8 · EPSS 0.00305
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/07/18 3:22 p.m. · 13 views

GHSA-XMVG-335G-X44Q The OpenSearch reporting plugin improperly controls tenancy access to reporting resources

Summary: An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact: The lack of...

CVSS 5.4 · AI score 5.4 · EPSS 0.00305
Exploits: 0 · References: 5

Veracode
added 2024/07/11 6:20 a.m. · 12 views

Authorization Bypass

org.opensearch.plugin, opensearch-observability is vulnerable to Authorization Bypass. The vulnerability is due to improper verification of the resource author, allowing attackers to access private tenant resources such as notebooks...

CVSS 5.4 · AI score 6.7 · EPSS 0.0029
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/07/10 4:4 p.m. · 15 views

GHSA-77VC-RJ32-2R33 OpenSearch Observability does not properly restrict access to private tenant resources

Summary: An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact: The la...

CVSS 4.2 · AI score 4.8 · EPSS 0.0029
Exploits: 0 · References: 5

Github Security Blog
added 2024/07/10 4:4 p.m. · 15 views

OpenSearch Observability does not properly restrict access to private tenant resources

Summary: An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact: The la...

CVSS 5.4 · AI score 4.5 · EPSS 0.0029
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2024/07/09 10:15 p.m. · 17 views

CVE-2024-39901

OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 5.4 · EPSS 0.0029
Exploits: 0 · References: 3

NVD
added 2024/07/09 10:15 p.m. · 12 views

CVE-2024-39900

OpenSearch Dashboards Reports allows ‘Report Owner’ to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 5.4 · EPSS 0.00305
Exploits: 0 · References: 3

OSV
added 2024/07/09 9:17 p.m. · 21 views

CVE-2024-39900 OpenSearch Dashboards Reports does not properly restrict access to private tenant resources

OpenSearch Dashboards Reports allows ‘Report Owner’ to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 5.4 · AI score 6.6 · EPSS 0.00305
Exploits: 0 · References: 5

Cvelist
added 2024/07/09 9:17 p.m. · 24 views

CVE-2024-39900 OpenSearch Dashboards Reports does not properly restrict access to private tenant resources

OpenSearch Dashboards Reports allows ‘Report Owner’ to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 5.4 · EPSS 0.00305
Exploits: 0 · References: 3

Vulnrichment
added 2024/07/09 9:17 p.m. · 14 views

CVE-2024-39900 OpenSearch Dashboards Reports does not properly restrict access to private tenant resources

OpenSearch Dashboards Reports allows ‘Report Owner’ to export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 5.4 · AI score 6.8 · EPSS 0.00305
Exploits: 0 · References: 3

CVE
added 2024/07/09 9:17 p.m. · 61 views

CVE-2024-39900

OpenSearch Dashboards Reports contains an access-control flaw in the reporting plugin: when accessing resources in a private tenant (e.g., notebooks), the system does not properly verify the user is the resource author, allowing unintended disclosure of private tenant resources. This is documente...

CVSS 5.4 · AI score 5.3 · EPSS 0.00305
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/07/09 9:14 p.m. · 12 views

CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources

OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 4.2 · AI score 6.8 · EPSS 0.0029
Exploits: 0 · References: 3

OSV
added 2024/07/09 9:14 p.m. · 22 views

CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources

OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 4.2 · AI score 6.6 · EPSS 0.0029
Exploits: 0 · References: 5

Cvelist
added 2024/07/09 9:14 p.m. · 24 views

CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources

OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 4.2 · EPSS 0.0029
Exploits: 0 · References: 3

CVE
added 2024/07/09 9:14 p.m. · 62 views

CVE-2024-39901

OpenSearch Observability plugins contain an access-control flaw that may allow users to access private tenant resources (e.g., notebooks) without verifying they are the resource author. Root cause: improper validation of the resource author when accessing private-tenant resources. Impact noted ac...

CVSS 5.4 · AI score 4.7 · EPSS 0.0029
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/07/09 12:0 a.m. · 4 views

OpenSearch Dashboards Reports Security Vulnerability

OpenSearch Dashboards Reports is an OpenSearch open source application. It is used to export and automate PNG, PDF and CSV reports in OpenSearch Dashboard. A security vulnerability exists in OpenSearch Dashboards Reports prior to version 2.14, which stems from the system not properly checking if ...

CVSS 5.4 · AI score 6.7 · EPSS 0.0029
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/09 12:0 a.m. · 5 views

PT-2024-28719 · Unknown +1 · Opensearch +1

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 2.14 Description: An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVSS 5.4 · AI score 7.2 · EPSS 0.00305
Exploits: 0 · References: 12

Positive Technologies
added 2024/07/09 12:0 a.m. · 6 views

PT-2024-28718 · Unknown +1 · Opensearch +1

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 2.14 Description: An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessi...

CVSS 5.4 · AI score 7 · EPSS 0.00305
Exploits: 0 · References: 11