Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Opensource Opensearch/Dashboard {{ 2.10.0}}
Describe the issue:
I am scaning the Opensearch and Dashboard Images in our envirnamnet, in this time I got Vulnerabilities by severity errors.
Configuration:
Image procurement Jenkins Jobs failed due Vulnerabilities.
Relevant Logs or Screenshots:
Opensearch Vulnerabilities screenshot
Hello @bhanu1 - thank you for letting us know.
(cc @scrawfor @peternied @davelago )
Hello,
Thank you for your message about the CVEs reported in OpenSearch/OpenSearch Dashboards version 2.10. After a thorough review we have determined this version is not impacted by the following CVEs:
ALAS-2023-2287
ALAS-2023-2271
CVE-2020-36604
In addition, the following CVEs have been addressed by including updated versions of the relevant libraries and any necessary fixes in the 2.11 release, which was released October 16:
CVE-2023-43642
CVE-2023-4586
CVE-2023-42503
CVE-2023-32002
CVE-2023-32006
CVE-2023-32559
ALAS-2023-2287
ALAS-2023-2271
GHSA-xpw8-rcwv-8f8p
Finally, the following CVE will be addressed by including updated versions of the relevant libraries and any necessary fixes in the upcoming 2.12 release, with a tentative target release date of January 23, 2024:
