
[BUG]access Script Console Jenkins lead to do rce migrations.ci.opensearch.org #1208

Closed
shadihh9 opened this issue Dec 22, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@shadihh9

What is the bug?

I found a bug: access to the Jenkins Script Console leads to RCE on migrations.ci.opensearch.org.

How can one reproduce the bug?

1. Go to https://3.225.65.64/_script and see that access to the Jenkins Script Console leads to RCE on migrations.ci.opensearch.org. Open it and see.

What is the expected behavior?

An attacker can access the Jenkins Script Console, leading to RCE on migrations.ci.opensearch.org.


@shadihh9 shadihh9 added bug Something isn't working untriaged labels Dec 22, 2024
@dblock dblock transferred this issue from opensearch-project/opensearch-py Dec 22, 2024
@dblock
Member

dblock commented Dec 22, 2024

Thanks for reporting this. Please avoid reporting security-related issues on GitHub; see https://github.com/opensearch-project/.github/blob/main/SECURITY.md for how to report them. Someone will take a look.

@kumargu

kumargu commented Dec 23, 2024

cc @cwperks (for covering in triage)

@shadihh9 I don't understand the reference to migrations.ci.opensearch.org in the screenshot. Could you please follow the guidelines shared earlier, adding details under "What is the expected behavior?".

@sumobrian
Collaborator

Hi @shadihh9 ,

Thank you for bringing this to our attention but I cannot reproduce any RCE from an anonymous user as I believe you are implying from the screenshot. Explicit steps may be helpful to determine if there is a vulnerability.

To clarify, while the _script endpoint is accessible, only authenticated users with admin privileges should be able to execute scripts. I have verified that this endpoint enforces both authentication and admin-level authorization for execution. Additionally, I have reviewed the list of admin users and confirmed that only current OpenSearch-migration maintainers possess the necessary permissions to execute scripts.

If you have evidence suggesting a security concern or unauthorized access, please provide additional details or steps to reproduce the issue for further investigation.
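
The access review described in the comment above (who holds the permission that gates the Script Console, and whether every holder is an approved maintainer) can be turned into a repeatable audit. The following is an added example, not code from the OpenSearch project or from Jenkins; it assumes the matrix-authorization layout Jenkins writes to its config.xml (`<permission>PERMISSION:sid</permission>` entries), assumes that the Script Console is gated on Overall/Administer, and runs on a constructed config fragment embedded inline. The user names and the `approved_admins` list are placeholders.

```python
"""Audit who can reach the Jenkins Script Console from a Jenkins config.xml.

Hypothetical defender check (not the project's own code). The Script Console
is assumed to be gated on the Overall/Administer permission, so the audit
question is: which principals hold Administer, and are all of them on the
approved maintainer list? The input below is a constructed sample.
"""
import xml.etree.ElementTree as ET

ADMINISTER = "hudson.model.Hudson.Administer"

# Constructed sample that mimics the matrix-authorization layout of config.xml.
# "ci-bot" is deliberately present to show an unapproved Administer holder.
SAMPLE_CONFIG_XML = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:alice</permission>
    <permission>hudson.model.Hudson.Read:anonymous</permission>
    <permission>hudson.model.Hudson.Administer:ci-bot</permission>
    <permission>hudson.model.Item.Read:anonymous</permission>
  </authorizationStrategy>
</hudson>
"""


def administer_principals(config_xml: str) -> set[str]:
    """Return the set of principals that effectively hold Overall/Administer."""
    root = ET.fromstring(config_xml)

    # Security switched off: every request, anonymous included, is an admin.
    if root.findtext("useSecurity", "false").strip().lower() != "true":
        return {"anonymous"}

    strategy = root.find("authorizationStrategy")
    if strategy is None:
        return set()
    strategy_class = strategy.get("class", "")

    # "Unsecured" strategy grants full control to everyone.
    if strategy_class.endswith("$Unsecured"):
        return {"anonymous"}
    # "Logged-in users can do anything": every authenticated principal is an admin.
    if strategy_class.endswith("FullControlOnceLoggedInAuthorizationStrategy"):
        return {"authenticated"}

    # Matrix strategies: collect the sids explicitly granted Administer.
    holders: set[str] = set()
    for perm in strategy.findall("permission"):
        permission, _, sid = (perm.text or "").partition(":")
        if permission.strip() == ADMINISTER and sid.strip():
            holders.add(sid.strip())
    return holders


def audit(config_xml: str, approved_admins: set[str]) -> dict:
    """Compare the Administer holders against the approved maintainer list."""
    holders = administer_principals(config_xml)
    return {
        "administer": sorted(holders),
        "unapproved": sorted(holders - approved_admins),
        # Either of these means the console is reachable without an admin login.
        "anonymous_can_run_scripts": bool(holders & {"anonymous", "authenticated"}),
    }


if __name__ == "__main__":
    # Placeholder maintainer list; in practice this comes from the team roster.
    print(audit(SAMPLE_CONFIG_XML, approved_admins={"alice"}))
```

Any entry in `unapproved`, or a true `anonymous_can_run_scripts`, is the finding the maintainer's review would have surfaced; the checks for the unsecured and logged-in-users strategies cover the two configurations under which the console is open to more than an explicit admin list.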

@sumobrian
Collaborator

Closing this issue as unreproducible. @shadihh9, if you have evidence that this is still a problem, please provide detailed steps to reproduce. Thank you.
