Vulnerabilidades em opensearch-project
16 resultadosCVE-2022-31115HIGHUnsafe YAML deserialization in opensearch-rubyEPSS 1.3%CVE-2022-35980HIGHOpenSearch vulnerable to Improper Authorization of Index Containing Sensitive InformationEPSS 0.9%CVE-2023-23613MEDIUMField-level security issue with .keyword fields in OpenSearchEPSS 0.8%CVE-2023-23612MEDIUMIssue with whitespace in JWT roles in OpenSearchEPSS 0.8%CVE-2022-41906HIGHOpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF) EPSS 0.7%CVE-2022-41917MEDIUMIncorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearchEPSS 0.5%CVE-2023-23933MEDIUMIssue in Anomaly Detection with document and field level rules in numerical feature aggregationsEPSS 0.5%CVE-2023-31141MEDIUMOpenSearch issue with fine-grained access control during extremely rare race conditionsEPSS 0.5%CVE-2022-41918MEDIUMIssue with fine-grained access control of indices backing data streamsEPSS 0.4%CVE-2023-45807MEDIUMOpenSearch Issue with tenant read-only permissionsEPSS 0.4%CVE-2023-25806MEDIUMTime discrepancy in authentication responses in OpenSearchEPSS 0.3%CVE-2024-55886MEDIUMOpenTelemetry Logs source may lack authentication with some custom pluginsEPSS 0.3%CVE-2024-39900MEDIUMOpenSearch Dashboards Reports does not properly restrict access to private tenant resourcesEPSS 0.3%CVE-2024-39901MEDIUMOpenSearch Observability does not properly restrict access to private tenant resourcesEPSS 0.3%CVE-2024-43794MEDIUMOpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirectEPSS 0.2%CVE-2025-62371HIGHOpenSearch Data Prepper plugins trusts all SSL certificates by defaultEPSS 0.2%