
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with the advanced access control features document level security (DLS), field level security (FLS), and/or field masking will not be filtered when the query's search pattern matches an aliased index. OpenSearch Dashboards creates an alias to `.kibana` by default, so filters with the index pattern of `*` to restrict access to documents or fields will not be applied. This issue allows requests to access sensitive information when customers have acted to restrict access to that specific information. • https://github.com/opensearch-project/security/commit/7eaaafec2939d7db23a02ffca9cc68e0343de246 • https://github.com/opensearch-project/security/pull/1999 • https://github.com/opensearch-project/security/security/advisories/GHSA-f4qr-f4xx-hjxw • CWE-612: Improper Authorization of Index Containing Sensitive Information

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. • https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html • https://bugs.gentoo.org/859433 • CWE-908: Use of Uninitialized Resource

CVSS: 7.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the `downloadDirectory` method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the `destinationDirectory` argument, but S3 object keys are determined by the application that uploaded the objects. The `downloadDirectory` method allows the caller to pass a filesystem object in the object key but contains an issue in the validation logic for the key name. A knowledgeable actor could bypass the validation logic by including a UNIX double-dot in the bucket key. • https://github.com/aws/aws-sdk-java/security/advisories/GHSA-c28r-hw5m-5gv3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1, the Ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result, opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using `YAML.load` if the response is of type YAML. An attacker must be in control of an OpenSearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. • https://github.com/opensearch-project/opensearch-ruby/pull/77 • https://github.com/opensearch-project/opensearch-ruby/security/advisories/GHSA-977c-63xq-cgw3 • https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated • CWE-502: Deserialization of Untrusted Data

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation for CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. • https://alas.aws.amazon.com/AL2/ALAS-2022-1806.html • https://alas.aws.amazon.com/ALAS-2022-1601.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')