CVE-2024-28752 vulnerability in opensearch

Bhupendra · September 16, 2024, 1:25pm

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensearch 2.13.0

Describe the issue:
A client of ours, reported vulnerability CVE-2024-28752 in opensearch-security/cxf-core-4.0.3.jar

Configuration:

Relevant Logs or Screenshots:
https://nvd.nist.gov/vuln/detail/CVE-2024-28752

Could you please help me understand if the vulnerability is exploitable?

landon_lslc · September 18, 2024, 3:12pm

Please see the Security tab on GitHub for how to report security issues. They generally like to avoid keeping these public until they’re solved.

Currently it says:

If you discover a potential security issue in this project we ask that you notify OpenSearch Security directly via email to security@opensearch.org. Please do not create a public GitHub issue.

Bhupendra · September 19, 2024, 5:10am

Thankyou @landon_lslc for your response. Will mail them.

Topic		Replies	Views
Facing issue with OpenSearch image vulnerabilities OpenSearch cve , security-issue	2	796	January 26, 2023
Security vulnerability in open search v 2.15 Security releases , cve , security-issue	4	379	August 5, 2024
How to remove this opensearch-dashboard CVE-2020-36604 security vulnerability issue in 1.3.6 OpenSearch cve , security-issue	3	560	February 6, 2023
I Geeting some vulnerability issue in opensearchproject/opensearch-Dashboard:2.8.0 docker Image OpenSearch releases , cve , security-issue	2	329	June 22, 2023
CVE-2022-42889 by opensearch OpenSearch cve , security-issue	5	987	October 27, 2022

CVE-2024-28752 vulnerability in opensearch

Related topics