Platform: java
Component: data-prepper
Fixed version: 2.1.1
OpenSearch Data Prepper is a data processing component within the OpenSearch ecosystem, responsible for ingesting, filtering, and routing data. A vulnerability has been identified in the OpenTelemetry Logs source, affecting versions 2.1.0 through 2.10.1. This flaw allows unauthorized users to ingest OpenTelemetry Logs data if custom authentication plugins are used without proper authentication checks. The vulnerability is resolved in version 2.10.2.
The primary impact of CVE-2024-55886 is the potential for unauthorized data ingestion into your OpenSearch cluster. Attackers could inject malicious or irrelevant data, potentially disrupting operations, skewing analytics, or even introducing backdoors. The scope of the impact depends on the sensitivity of the OpenTelemetry Logs being processed. If the logs contain sensitive information (e.g., personally identifiable information (PII), financial data, or proprietary business data), a successful exploitation could lead to data breaches and regulatory compliance violations. Lateral movement within the environment is unlikely directly from this vulnerability, but compromised data could be used to target other systems. The blast radius extends to any downstream applications or services that rely on the processed data from OpenSearch.
CVE-2024-55886 was published on December 12, 2024. Its severity is currently assessed as medium (CVSS 6.9). There are no known public exploits or active campaigns targeting this vulnerability at the time of writing. The vulnerability is not listed on KEV or EPSS, suggesting a low to medium probability of exploitation. Review the OpenSearch security advisory and the NVD entry for the latest updates and security recommendations.
Exploitation status
EPSS: 0.40% (60th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2024-55886 is to upgrade OpenSearch Data Prepper to version 2.10.2 or later. If an immediate upgrade is not feasible, consider disabling or removing custom authentication plugins until a patch can be applied. As a temporary workaround, restrict access to the OpenTelemetry Logs source to trusted networks or users. Implement strict input validation and sanitization on the ingested data to minimize the impact of potentially malicious data. Monitor OpenSearch logs for unusual activity or unauthorized data sources. While a WAF or proxy cannot directly address this authentication bypass, they can help detect and block suspicious traffic patterns associated with data ingestion attempts.
Upgrade to Data Prepper version 2.10.2 or later. If you cannot upgrade, use the built-in `http_basic` authentication provider, or place an authenticating proxy in front of the Data Prepper instances that run the OpenTelemetry Logs source.
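The following pipeline definition is an added example, not configuration from this advisory or from the Data Prepper project, showing the workaround above: the OpenTelemetry Logs source protected by the built-in `http_basic` provider over TLS, with the default `unauthenticated` provider left commented out as the weak setting to avoid. The pipeline name, credentials, certificate paths and the OpenSearch sink are placeholders I chose; the `authentication`/`http_basic` keys follow Data Prepper's documented source configuration, and the port is assumed to be the source's default.

```yaml
# Added example (not from the advisory): Data Prepper pipeline whose OTel Logs
# listener requires HTTP basic authentication instead of a custom auth plugin.
otel-logs-pipeline:                   # placeholder pipeline name
  source:
    otel_logs_source:
      port: 21892                     # assumed default otel_logs_source port; confirm for your version
      ssl: true                       # TLS so basic-auth credentials are never sent in clear text
      sslKeyCertChainFile: "/path/to/data-prepper.crt"   # placeholder path
      sslKeyFile: "/path/to/data-prepper.key"            # placeholder path
      authentication:
        # Weak setting: the default provider accepts every request. Do not use it on a
        # listener reachable from untrusted networks.
        # unauthenticated:
        #
        # Built-in provider recommended as the interim workaround:
        http_basic:
          username: "otel-ingest"                 # placeholder
          password: "REPLACE_WITH_STRONG_SECRET"  # placeholder; load from a secret store
  sink:
    - opensearch:
        hosts: ["https://opensearch.example.internal:9200"]   # placeholder
        username: "data-prepper-writer"                       # placeholder
        password: "REPLACE_WITH_STRONG_SECRET"                # placeholder
        index: "otel-logs"                                    # placeholder
```

After restarting Data Prepper, confirm the setting took effect by sending an export request to the listener without credentials from a trusted test host; it should be rejected rather than accepted, and the rejection should appear in the Data Prepper logs, which is also the signal to alert on for ingestion attempts that carry no or invalid credentials.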
It's an authentication bypass vulnerability in OpenSearch Data Prepper versions 2.1.0–2.10.1, allowing unauthorized data ingestion via custom authentication plugins.
If you are using OpenSearch Data Prepper versions 2.1.0 through 2.10.1 and utilizing custom authentication plugins, you are potentially affected.
Upgrade OpenSearch Data Prepper to version 2.10.2 or later. If immediate upgrade is not possible, disable custom plugins as a temporary workaround.
Currently, there are no known public exploits or active campaigns targeting this vulnerability, but vigilance is still advised.
Refer to the OpenSearch security advisory and the National Vulnerability Database (NVD) entry for CVE-2024-55886 for detailed information.