Vulnerability DatabaseCVE-2024-39900
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-39900
July 09, 2024
OpenSearch Dashboards Reports allows ‘Report Owner’ export and share reports from OpenSearch Dashboards. An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. The patches are included in OpenSearch 2.14.
Related Resources (5)
https://github.com/opensearch-project/reporting/commit/2403014c57ee63268e83d919db3334b676a8c992
https://github.com/opensearch-project/reporting
https://nvd.nist.gov/vuln/detail/CVE-2024-39900
https://opensearch.org/versions/opensearch-2-14-0.html
https://github.com/opensearch-project/reporting/security/advisories/GHSA-xmvg-335g-x44q
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Authorization Bypass Through User-Controlled Key
CWE-639
EPSS
Base Score:
0.20