Could we get more info on the impact of CVE-2022-42920 in OpenSearch with a Critical 9.8 score?

ericallen · December 16, 2022, 4:46pm

In the release notes for 2.4.1 and 1.3.7, there is reference to CVE-2022-42920 which has a CVE score of Critical 9.8 for bcel. This is very similar in score to the log4j fiasco last year.

What impact does this vulnerability have on OpenSearch? What is bcel being used for?

A bit more information than just casually dropped in the release notes for a 9.8 vulnerability would be appreciated.

davelago · February 9, 2023, 8:55pm

Hello,

Thank you for your message about the CVE reported in OpenSearch. After a thorough review we have determined this version is not impacted by CVE-2022-42920.

Dave.

Topic		Replies	Views
Does CVE-2021-44228 impact OpenSearch General Feedback cve	9	1509	December 20, 2021
CVE-2022-21449 - Is OpenSearch affected? Security discuss , cve , security-issue	1	632	April 26, 2022
Log4j2 vulnerability in OpenSearch Security discuss , cve , security-issue	72	9386	January 30, 2022
Log4j issue - CVE-2021-44832 Security discuss , cve , security-issue	16	1238	February 10, 2022
Facing issue with OpenSearch image vulnerabilities OpenSearch cve , security-issue	2	675	January 26, 2023

Could we get more info on the impact of CVE-2022-42920 in OpenSearch with a Critical 9.8 score?

Related Topics