Platform: java
Component: data-prepper
Fixed in: 2.10.2
OpenSearch Data Prepper is a data processing component within the OpenSearch ecosystem, responsible for ingesting, filtering, and routing data. A vulnerability has been identified in its OpenTelemetry Logs source (`otel_logs_source`), affecting versions 2.1.0 through 2.10.1. When the source is configured with a custom authentication plugin, the affected versions do not correctly enforce it, so clients without valid credentials can still submit OpenTelemetry log records for ingestion. The vulnerability is resolved in version 2.10.2.
The primary impact of CVE-2024-55886 is unauthorized data ingestion: a client holding no credentials can push OpenTelemetry log records through the affected source and into whatever the pipeline writes to, typically an OpenSearch index. An attacker can inject fabricated or junk records to skew analytics, bury real events in noise, trigger or suppress alerts that key on log content, or simply consume ingest capacity and storage. This is an integrity problem with the log data, not a disclosure of it: the flaw does not let the attacker read records already in the index, so the sensitivity of existing logs does not change the direct impact. Any downstream application, dashboard, detection rule or compliance report that trusts the processed data inherits the poisoned records, which is where the blast radius lies. Lateral movement directly from this flaw is unlikely; the more realistic secondary risk is that injected content misleads analysts or is later parsed by systems that trust the stored data.
CVE-2024-55886 was published on December 12, 2024 and is currently rated medium (CVSS 6.9). No public exploit or active campaign targeting it is known at the time of writing. It is not listed in the CISA KEV catalog, and its EPSS score of 0.40% (60th percentile) indicates a low to medium probability of exploitation. Review the OpenSearch security advisory and the NVD entry for the latest updates and recommendations.
Exploit status:
EPSS: 0.40% (60th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2024-55886 is to upgrade OpenSearch Data Prepper to version 2.10.2 or later. If an immediate upgrade is not feasible, do not simply remove the custom authentication plugin, because that leaves the source with no authentication at all; replace it with the built-in `http_basic` authentication provider, which the advisory recommends as a workaround, or place an authenticating proxy in front of every Data Prepper instance that runs the OpenTelemetry Logs source. In addition, restrict network access to the source's listening port to the collectors that are supposed to send logs. Input validation and sanitization of ingested data limit the damage an injected record can do downstream, but they do not close the bypass, since the problem is who is allowed to send, not what is sent. Monitor Data Prepper and OpenSearch for ingestion from unexpected source addresses or unusual volumes. A WAF cannot fix the missing authentication check inside Data Prepper, but an authenticating proxy in front of it is a legitimate workaround, and a proxy can also log and rate-limit ingestion traffic.
Upgrade to Data Prepper 2.10.2 or later. If you cannot upgrade, use the built-in `http_basic` authentication provider or add an authentication proxy in front of the Data Prepper instances running the OpenTelemetry Logs source.
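The following pipeline definition is an added example written for this page; it is not taken from the advisory or from the Data Prepper project. It shows the affected shape (a custom authentication plugin, here the hypothetical name `custom_auth_plugin`) commented out, and the advisory's workaround in its place: the built-in `http_basic` provider on the OpenTelemetry Logs source. The pipeline name, certificate paths, credentials and the OpenSearch host are placeholders.

```yaml
# Added example, not Data Prepper project code. Pipeline name, paths, host,
# credentials and the plugin name "custom_auth_plugin" are hypothetical.
#
# Affected configuration on Data Prepper 2.1.0 - 2.10.1: the source relies on a
# custom authentication plugin, which the vulnerable versions do not enforce,
# so unauthenticated clients can still ingest log records.
#
# otel-logs-pipeline:
#   source:
#     otel_logs_source:
#       port: 21892
#       authentication:
#         custom_auth_plugin:          # hypothetical third-party plugin
#           token_header: "X-Auth-Token"
#
# Workaround from the advisory: protect the same source with the built-in
# http_basic provider until the upgrade to 2.10.2 or later is done.
otel-logs-pipeline:
  source:
    otel_logs_source:
      port: 21892                      # default OTLP logs port
      ssl: true                        # keep credentials off the wire in clear
      sslKeyCertChainFile: /etc/data-prepper/certs/server.crt
      sslKeyFile: /etc/data-prepper/certs/server.key
      authentication:
        http_basic:
          username: otel-collector
          password: "replace-with-a-long-random-secret"
  sink:
    - opensearch:
        hosts: ["https://opensearch.example.internal:9200"]
        index: otel-logs
```

With `http_basic` in place, collectors must send an HTTP Basic `Authorization` header with every OTLP request; verify the change by sending a request without credentials from a test client and confirming it is rejected. Configuring the source with `authentication: unauthenticated` disables the check entirely, so treat that value as a finding during review, not as a fallback.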
It is an authentication bypass in the OpenTelemetry Logs source of OpenSearch Data Prepper versions 2.1.0 through 2.10.1: when a custom authentication plugin is configured, unauthenticated clients can still ingest log data.
If you are using OpenSearch Data Prepper versions 2.1.0 through 2.10.1 and utilizing custom authentication plugins, you are potentially affected.
Upgrade OpenSearch Data Prepper to version 2.10.2 or later. If you cannot upgrade immediately, switch the source to the built-in `http_basic` authentication provider or put an authenticating proxy in front of it; removing the custom plugin without a replacement would leave the source unauthenticated.
Currently, there are no known public exploits or active campaigns targeting this vulnerability, but vigilance is still advised.
Refer to the OpenSearch security advisory and the National Vulnerability Database (NVD) entry for CVE-2024-55886 for detailed information.