9.8

CVE-2021-44833

Exploit
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AmazonAws Opensearch Version1.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.56% 0.72
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/opensearch-project/opensearch-cli/blob/275085730f791daccaac81c566a25f541656d9f9/commands/root.go#L43
Third Party Advisory
Exploit
https://github.com/opensearch-project/opensearch-cli/commit/69dc712d0d0d05dc2bc2bd0d733c73e3641b633a
Patch
Third Party Advisory