CVE-2021-44833: Incorrect Default Permissions

December 12, 2021 (updated December 15, 2021)

The CLI for Amazon AWS OpenSearch has weak permissions for the configuration file.

References

github.com/opensearch-project/opensearch-cli/blob/275085730f791daccaac81c566a25f541656d9f9/commands/root.go
github.com/opensearch-project/opensearch-cli/commit/69dc712d0d0d05dc2bc2bd0d733c73e3641b633a
nvd.nist.gov/vuln/detail/CVE-2021-44833

Detect and mitigate CVE-2021-44833 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →