CVE-2024-43794
CVSS V2 None
CVSS V3 None
Description
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue.
Overview
- CVE ID
- CVE-2024-43794
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-23T16:15:58.428Z
- Last Modified Date
- 2024-08-23T17:01:06.990Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/opensearch-project/security-dashboards-plugin/security/advisories/GHSA-3fph-6cqp-5mfc | x_refsource_CONFIRM |
| https://github.com/opensearch-project/security-dashboards-plugin/commit/fc4f6a27c0c80881be9e8ed6b9259a25c3fa0e13 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-43794 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43794 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-24 13:12:28 | Added to TrackCVE |