2 matches found
CVE-2024-39900
OpenSearch Dashboards Reports contains an access-control flaw in the reporting plugin: when accessing resources in a private tenant (e.g., notebooks), the system does not properly verify the user is the resource author, allowing unintended disclosure of private tenant resources. This is documente...
CVE-2024-39901
OpenSearch Observability plugins contain an access-control flaw that may allow users to access private tenant resources (e.g., notebooks) without verifying they are the resource author. Root cause: improper validation of the resource author when accessing private-tenant resources. Impact noted ac...