You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A client of ours have reported vulnerability cve-2024-28752 in index/plugins/opensearch-security/cxf-core-4.0.3.jar.
Opensearch 2.13.0
Though we would be upgrading to opensearch 2.15.0, which has the fix, it would be helpful if someone could explain whether the vulnerability was exploitable in Opensearch 2.13.0.
Describe the bug
A client of ours have reported vulnerability cve-2024-28752 in index/plugins/opensearch-security/cxf-core-4.0.3.jar.
Opensearch 2.13.0
Though we would be upgrading to opensearch 2.15.0, which has the fix, it would be helpful if someone could explain whether the vulnerability was exploitable in Opensearch 2.13.0.
Related component
Plugins
To Reproduce
Expected behavior
Would like to understand if the vulnerability is exploitable in Opensearch 2.13.0?
Additional Details
Plugins
Please list all plugins currently enabled.
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: