31 matches found
CVE-2022-35980
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...
Race Condition
org.opensearch.plugin:opensearch-security is vulnerable to a Race Condition. Improper access authorization can occur from exceedingly rare race condition in the application which results in the failure to apply the fine-grained access control rules to queries. When the query cache eviction occurs...
Authorization
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...
CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...
OpenSearch Security 安全漏洞
OpenSearch Security is an OpenSearch plugin used to provide encryption, authentication, and authorization. A security vulnerability exists in OpenSearch Security that stems from incorrect authentication...
PT-2023-20318 · Opensearch +1 · Opensearch Security +1
Name of the Vulnerable Software and Affected Versions: OpenSearch Security versions prior to 1.3.9 OpenSearch Security versions prior to 2.6.0 Description: OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication, and authorization. There is an observable discrepancy ...
CVE-2022-35980
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...
CVE-2022-35980
CVE-2022-35980 affects OpenSearch Security plugin versions 2.0.0.0 and 2.1.0.0. The flaw allows information disclosure when an OpenSearch cluster uses DLS/FLS/field masking and an aliased index causes queries to bypass filters (OpenSearch Dashboards alias to .kibana). OpenSearch 2.2.0 (and compat...
CVE-2022-35980 OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...
PT-2022-23078 · Unknown · Opensearch +2
Name of the Vulnerable Software and Affected Versions: OpenSearch Security versions 2.0.0.0 through 2.1.0.0 Description: The issue concerns an information disclosure vulnerability in OpenSearch Security, a plugin for OpenSearch that provides encryption, authentication, and authorization. When an...
OpenSearch Security 安全漏洞
OpenSearch Security is an OpenSearch plugin for providing encryption, authentication and authorization. A security vulnerability exists in OpenSearch Security version 2.0.0.0, 2.1.0.0. An attacker has exploited the vulnerability to disclose sensitive information...