Medium severity6.1NVD Advisory· Published Aug 23, 2024· Updated Apr 15, 2026

CVE-2024-43794

Description

OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue.

Patches

f779544a94c2

https://github.com/opensearch-project/security-dashboards-pluginvia osv

dd6b6f695bcb

https://github.com/opensearch-project/security-dashboards-pluginvia osv

fc4f6a27c0c8

https://github.com/opensearch-project/security-dashboards-pluginvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/opensearch-project/security-dashboards-plugin/commit/fc4f6a27c0c80881be9e8ed6b9259a25c3fa0e13nvd
github.com/opensearch-project/security-dashboards-plugin/security/advisories/GHSA-3fph-6cqp-5mfcnvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000