CVE-2024-55886 | opensearch-project data-prepper 2.10.0/2.10.1 getHttpAuthenticationService improper authentication (GHSA-725p-63vv-v948)

Inserito da Angelo Barbosa | Dic 12, 2024 | CVE

A vulnerability classified as critical was found in opensearch-project data-prepper 2.10.0/2.10.1. This vulnerability affects the function getHttpAuthenticationService. The manipulation leads to improper authentication.

This vulnerability was named CVE-2024-55886. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-55886 | opensearch-project data-prepper 2.10.0/2.10.1 getHttpAuthenticationService improper authentication (GHSA-725p-63vv-v948)

Post correlati

CVE-2024-46085 | FrogCMS 0.9.5 cross-site request forgery

CVE-2024-23731 | Embedchain up to 0.1.56 OpenAPI Loader openapi.py yaml.load Privilege Escalation

CVE-2024-38361 | authzed spicedb up to 1.33.0 permissions (GHSA-grjv-gjgr-66g2)

CVE-2024-2823 | DedeCMS 5.7 /src/dede/mda_main.php cross-site request forgery