Homepage
About Snyk

Cross-site Request Forgery (CSRF) Affecting opensearch-dashboards-2-fips package, versions <2.13.0-r0

0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required
    Confidentiality High

    Threat Intelligence

    EPSS 0.06% (23rd percentile)
Expand this section
NVD
6.5 medium
Expand this section
Red Hat
6.5 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-CHAINGUARDLATEST-OPENSEARCHDASHBOARDS2FIPS-6751691
  • published 2 May 2024
  • disclosed 8 Nov 2023
Report a new vulnerability Found a mistake?

Introduced: 8 Nov 2023

CVE-2023-45857 Open this link in a new tab
CWE-352 Open this link in a new tab

How to fix?

Upgrade Chainguard opensearch-dashboards-2-fips to version 2.13.0-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream opensearch-dashboards-2-fips package and not the opensearch-dashboards-2-fips package as distributed by Chainguard. See How to fix? for Chainguard relevant fixed versions and status.

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.