漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenSearch Dashboards Security Plugin improper validation of nextUrl can lead to external redirect
Vulnerability Description
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
OpenSearch Dashboards Security Plugin 安全漏洞
Vulnerability Description
OpenSearch Dashboards Security Plugin是OpenSearch Project开源的一个 OpenSearch 仪表板安全插件。 OpenSearch Dashboards Security Plugin 1.3.19之前版本和2.16.0之前版本存在安全漏洞,该漏洞源于对nextUrl参数的验证不当,可能导致登录到OpenSearch-Dashboards时发生外部重定向,以处理特制的参数。
CVSS Information
N/A
Vulnerability Type
N/A