PT-2024-7916 · Opensearch+2 · Opensearch Dashboards Security Plugin+2

Cwperks

Published

2024-08-23

Updated

2025-07-24

CVE-2024-43794

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenSearch Dashboards Security Plugin versions prior to 1.3.19 OpenSearch Dashboards Security Plugin versions prior to 2.16.0

Description The issue is related to improper validation of the nextUrl parameter, which can lead to an external redirect during login, potentially compromising security. This could allow a remote attacker to redirect a user to a malicious site.

Recommendations For versions prior to 1.3.19, update to version 1.3.19 to mitigate the risk. For versions prior to 2.16.0, update to version 2.16.0 to mitigate the risk. As a temporary workaround, consider restricting access to the nextUrl parameter in the login functionality until a patch is applied.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

ALT-PU-2025-9506

ALT-PU-2025-9551

BDU:2024-09420

CVE-2024-43794

GHSA-3FPH-6CQP-5MFC

Affected Products

Alt Linux

Opensearch Dashboards Security Plugin

Red Os

PT-2024-7916 · Opensearch+2 · Opensearch Dashboards Security Plugin+2

CVE-2024-43794

Weakness Enumeration

Related Identifiers

Affected Products

References · 18