The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.
References
Link | Resource |
---|---|
https://github.com/opensearch-project/opensearch-cli/blob/275085730f791daccaac81c566a25f541656d9f9/commands/root.go#L43 | Exploit Third Party Advisory |
https://github.com/opensearch-project/opensearch-cli/commit/69dc712d0d0d05dc2bc2bd0d733c73e3641b633a | Patch Third Party Advisory |
Configurations
History
15 Dec 2021, 15:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:amazon:aws_opensearch:1.0.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-276 | |
References | (MISC) https://github.com/opensearch-project/opensearch-cli/commit/69dc712d0d0d05dc2bc2bd0d733c73e3641b633a - Patch, Third Party Advisory | |
References | (MISC) https://github.com/opensearch-project/opensearch-cli/blob/275085730f791daccaac81c566a25f541656d9f9/commands/root.go#L43 - Exploit, Third Party Advisory |
12 Dec 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-12 06:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-44833
Mitre link : CVE-2021-44833
CVE.ORG link : CVE-2021-44833
JSON object : View
Products Affected
amazon
- aws_opensearch
CWE
CWE-276
Incorrect Default Permissions