Specially Crafted Parameters Can Lead to External Redirect on Login
CVE-2024-43794

6.1MEDIUM

Key Information:

Vendor

Opensearch-project

Status
Security-dashboards-plugin
Vendor
CVE Published:
23 August 2024

What is CVE-2024-43794?

OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

security-dashboards-plugin < 1.3.19 < 1.3.19

security-dashboards-plugin >= 2.0.0, < 2.16.0 < 2.0.0, 2.16.0

References

https://github.com/opensearch-project/security-dashboards...
x_refsource_CONFIRM
https://github.com/opensearch-project/security-dashboards...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.