Specially Crafted Parameters Can Lead to External Redirect on Login
CVE-2024-43794

6.1MEDIUM

Key Information:

Vendor: Opensearch-project
Status: Security-dashboards-plugin
Vendor: CVE Published:; 23 August 2024

🔔 Create Opensearch-project Vulnerability Alert

What is CVE-2024-43794?

OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue.

Affected Version(s)

security-dashboards-plugin < 1.3.19 < 1.3.19

security-dashboards-plugin >= 2.0.0, < 2.16.0 < 2.0.0, 2.16.0

References

https://github.com/opensearch-project/security-dashboards...

x_refsource_CONFIRM

https://github.com/opensearch-project/security-dashboards...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Aug 16, 2024

CVE-2024-43794 Data

JSON