Vulnerability Details CVE-2021-44833
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/opensearch-project/opensearch-cli/blob/275085730f791daccaac81c566a25f541656d9f9/commands/root.go#L43
- https://github.com/opensearch-project/opensearch-cli/commit/69dc712d0d0d05dc2bc2bd0d733c73e3641b633a
- https://github.com/opensearch-project/opensearch-cli/blob/275085730f791daccaac81c566a25f541656d9f9/commands/root.go#L43
- https://github.com/opensearch-project/opensearch-cli/commit/69dc712d0d0d05dc2bc2bd0d733c73e3641b633a
Products affected by CVE-2021-44833
-
cpe:2.3:a:amazon:aws_opensearch:1.0.0