Lucene search
K

10 matches found

NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-56230

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS0.00322EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:4 a.m.9 views

CVE-2024-39900

OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

5.4CVSS6.7AI score0.00305EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2451

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00305EPSS
Exploits0References5
OSV
OSV
added 2024/07/18 3:22 p.m.39 views

GHSA-XMVG-335G-X44Q The OpenSearch reporting plugin improperly controls tenancy access to reporting resources

Summary An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The lack of...

5.4CVSS5.4AI score0.00305EPSS
Exploits0References5
Veracode
Veracode
added 2024/07/11 6:20 a.m.13 views

Authorization Bypass

org.opensearch.plugin, opensearch-observability is vulnerable to Authorization Bypass. The vulnerability is due to improper verification of the resource author, allowing attackers to access private tenant resources such as notebooks...

5.4CVSS6.7AI score0.0029EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/07/09 10:15 p.m.31 views

CVE-2024-39900

OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

5.4CVSS0.00305EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.8 views

PT-2024-28718 · Unknown +1 · Opensearch +1

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 2.14 Description: An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessi...

5.4CVSS7AI score0.00305EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.7 views

PT-2024-28719 · Unknown +1 · Opensearch +1

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 2.14 Description: An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

5.4CVSS7.2AI score0.00305EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2018/07/26 2:0 p.m.54 views

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

5.9CVSS5.4AI score0.01847EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2012/10/09 3:55 p.m.23 views

CVE-2012-4457

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant...

4CVSS5.9AI score0.02267EPSS
Exploits0References2
Rows per page
Query Builder