Weak Permissions in Amazon AWS OpenSearch CLI Configuration File
CVE-2021-44833

9.8CRITICAL

Key Information:

Vendor: Amazon
Status: Aws Opensearch
Vendor: CVE Published:; 12 December 2021

What is CVE-2021-44833?

The AWS OpenSearch CLI version 1.0.0 is impacted by a vulnerability stemming from weak permissions assigned to its configuration file. This flaw could potentially allow unauthorized access or manipulation of sensitive configuration settings, exposing the system to various security risks. Users of the AWS OpenSearch CLI should be aware of this weakness and take appropriate measures to secure their environments.

References

https://github.com/opensearch-project/opensearch-cli/blob...

x_refsource_MISC

https://github.com/opensearch-project/opensearch-cli/comm...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2021
Vulnerability Reserved
Dec 12, 2021