漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenSearch Observability does not properly restrict access to private tenant resources
Vulnerability Description
OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
OpenSearch Dashboards Reports 安全漏洞
Vulnerability Description
OpenSearch Dashboards Reports是OpenSearch开源的一个应用程序。用于在 OpenSearch Dashboard 中导出和自动化 PNG、PDF 和 CSV 报告。 OpenSearch Dashboards Reports 2.14之前版本存在安全漏洞,该漏洞源于系统在访问私有租户中的资源时未正确检查用户是否是资源作者,导致潜在数据被泄露。
CVSS Information
N/A
Vulnerability Type
N/A