Could we get more info on the impact of CVE-2022-42920 in OpenSearch with a Critical 9.8 score?

ericallen · December 16, 2022, 4:46pm

In the release notes for 2.4.1 and 1.3.7, there is reference to CVE-2022-42920 which has a CVE score of Critical 9.8 for bcel. This is very similar in score to the log4j fiasco last year.

What impact does this vulnerability have on OpenSearch? What is bcel being used for?

A bit more information than just casually dropped in the release notes for a 9.8 vulnerability would be appreciated.

davelago · February 9, 2023, 8:55pm

Hello,

Thank you for your message about the CVE reported in OpenSearch. After a thorough review we have determined this version is not impacted by CVE-2022-42920.

Dave.

Topic		Replies	Views
Does CVE-2021-44228 impact OpenSearch General Feedback cve	9	1661	December 20, 2021
CVE-2022-42889 by opensearch OpenSearch cve , security-issue	5	990	October 27, 2022
CVE-2022-21449 - Is OpenSearch affected? Security discuss , cve , security-issue	1	670	April 26, 2022
Log4j2 vulnerability in OpenSearch Security discuss , cve , security-issue	72	9992	January 30, 2022
Log4j issue - CVE-2021-44832 Security discuss , cve , security-issue	16	1371	February 10, 2022

Could we get more info on the impact of CVE-2022-42920 in OpenSearch with a Critical 9.8 score?

Related topics