Lucene search
K

31 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 6:59 p.m.8 views

CVE-2022-35980

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...

7.5CVSS6.5AI score0.00918EPSS
Exploits0References1
Veracode
Veracode
added 2023/05/15 6:0 a.m.21 views

Race Condition

org.opensearch.plugin:opensearch-security is vulnerable to a Race Condition. Improper access authorization can occur from exceedingly rare race condition in the application which results in the failure to apply the fine-grained access control rules to queries. When the query cache eviction occurs...

5.9CVSS6.8AI score0.0046EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/03/02 4:15 a.m.19 views

Authorization

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

5CVSS5.4AI score0.00328EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/03/02 3:4 a.m.5 views

CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

5.3CVSS7.4AI score0.00328EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/02 12:0 a.m.5 views

OpenSearch Security 安全漏洞

OpenSearch Security is an OpenSearch plugin used to provide encryption, authentication, and authorization. A security vulnerability exists in OpenSearch Security that stems from incorrect authentication...

5.3CVSS5.6AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/01 12:0 a.m.4 views

PT-2023-20318 · Opensearch +1 · Opensearch Security +1

Name of the Vulnerable Software and Affected Versions: OpenSearch Security versions prior to 1.3.9 OpenSearch Security versions prior to 2.6.0 Description: OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication, and authorization. There is an observable discrepancy ...

5.3CVSS7.5AI score0.00328EPSS
Exploits0References11
NVD
NVD
added 2022/08/12 6:15 p.m.53 views

CVE-2022-35980

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...

7.5CVSS0.00918EPSS
Exploits0References3
CVE
CVE
added 2022/08/12 5:40 p.m.99 views

CVE-2022-35980

CVE-2022-35980 affects OpenSearch Security plugin versions 2.0.0.0 and 2.1.0.0. The flaw allows information disclosure when an OpenSearch cluster uses DLS/FLS/field masking and an aliased index causes queries to bypass filters (OpenSearch Dashboards alias to .kibana). OpenSearch 2.2.0 (and compat...

7.5CVSS7.5AI score0.00918EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/08/12 5:40 p.m.7 views

CVE-2022-35980 OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...

7.5CVSS7.5AI score0.00918EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/12 12:0 a.m.5 views

PT-2022-23078 · Unknown · Opensearch +2

Name of the Vulnerable Software and Affected Versions: OpenSearch Security versions 2.0.0.0 through 2.1.0.0 Description: The issue concerns an information disclosure vulnerability in OpenSearch Security, a plugin for OpenSearch that provides encryption, authentication, and authorization. When an...

7.5CVSS7.2AI score0.00918EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/08/12 12:0 a.m.6 views

OpenSearch Security 安全漏洞

OpenSearch Security is an OpenSearch plugin for providing encryption, authentication and authorization. A security vulnerability exists in OpenSearch Security version 2.0.0.0, 2.1.0.0. An attacker has exploited the vulnerability to disclose sensitive information...

7.5CVSS7.2AI score0.00918EPSS
Exploits0References4
Rows per page
Query Builder