A medium-severity vulnerability, CVE-2024-43794, was detected in OpenSearch versions 2.16.0, 1.3.19 and earlier. It affects the Dashboards Security Plugin, which adds a user interface for managing security features. Improper validation of the nextUrl parameter may cause an external redirect during login if certain parameters are manipulated. To fix this problem, users should upgrade to version 1.3.19 or 2.16.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43794.
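The kind of validation the advisory says was missing, as an added example (not the plugin's own code): a check that accepts a post-login nextUrl value only when it is a path on the same site. The function names, the basePath parameter and the placeholder origin are assumptions made for illustration.

```javascript
// Added example: hypothetical validator, not the Dashboards Security Plugin's code.
// The placeholder origin is used only to resolve the candidate path; it is never contacted.
const PLACEHOLDER_ORIGIN = 'https://dashboards.invalid';

// Returns true only if nextUrl is a rooted, same-origin path (optionally under basePath).
function isSafeNextUrl(nextUrl, basePath = '') {
  if (typeof nextUrl !== 'string' || nextUrl.length === 0) return false;

  // Browsers drop tab/CR/LF and treat "\" like "/", so "/\host" can leave the site.
  if (/[\u0000-\u001f\u007f\\]/.test(nextUrl)) return false;

  // Must start with exactly one "/": "//host" is protocol-relative (external).
  if (!nextUrl.startsWith('/') || nextUrl.startsWith('//')) return false;

  let resolved;
  try {
    resolved = new URL(nextUrl, PLACEHOLDER_ORIGIN);
  } catch {
    return false;
  }
  // Resolution must not have changed the scheme, host or port.
  if (resolved.origin !== PLACEHOLDER_ORIGIN) return false;

  // After dot-segment normalisation the path must still sit under basePath.
  if (basePath) {
    const p = resolved.pathname;
    if (p !== basePath && !p.startsWith(basePath + '/')) return false;
  }
  return true;
}

// Login handler helper: fall back to the application root when the value is rejected.
function resolveLoginRedirect(nextUrl, basePath = '') {
  return isSafeNextUrl(nextUrl, basePath) ? nextUrl : basePath + '/';
}
```

Rejecting the value and falling back to a fixed path, rather than trying to repair it, keeps the redirect target under the server's control.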
OpenSearch: Risk of External Redirect Vulnerability
by the Hossted team
27.08.2024