744 matches found
PT-2023-9839 · Oracle · PeopleSoft Enterprise PeopleTools
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.59 through 8.61. Description: The issue exists due to insufficient input validation in the OpenSearch Dashboards component. It allows a remote attacker to gain unauthorized access to protected...
com.erudika:para-search-elasticsearch (=1.40.5), com.playtika.testcontainers:embedded-opensearch (>=3.0.7 <=3.1.6) +30 more potentially affected by unknown CVE via org.opensearch:opensearch (>=2.0.0 <=2.11.0)
org.opensearch:opensearch MAVEN version =2.0.0, =3.0.7, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =1.2.3, =1.2.3, =1.2.3, =4.37.0, =2.10.0, =2.11.0 - org.codelibs.fess:fess-suggest =14.11.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6G3J-P5G6-992F...
GHSA-6G3J-P5G6-992F OpenSearch StackOverflow vulnerability
Impact: A flaw was discovered in OpenSearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 (CVE-2023-31419)...
OpenSearch StackOverflow vulnerability
Impact: A flaw was discovered in OpenSearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 (CVE-2023-31419)...
A vulnerability in the OpenSearch software package, related to improper storage of permissions, allows an attacker to compromise data integrity.
Vulnerability of the OpenSearch software package, related to improper storage of permissions. Exploiting this vulnerability can allow an attacker to compromise data integrity...
ROS-20231121-03
OpenSearch software package vulnerability related to improper permission saving. Exploitation of the vulnerability could allow an attacker to affect data integrity...
GHSA-WF5P-G6VW-RHXX vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-WF5P-G6VW-RHXX vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
CVE-2023-45857 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
Denial Of Service (DoS)
OpenSearch is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation of malformed HTTP requests sent by an unauthenticated user to an OpenSearch node. This can lead to memory exhaustion, resulting in Denial of Service...
Improper Preservation Of Permissions
OpenSearch Security is vulnerable to Improper Preservation Of Permissions. The vulnerability exists in the isTenantAllowed function in PrivilegesInterceptorImpl.java, which allows an attacker with read-only access to perform create, edit, and delete operations on index metadata of dashboards...
GHSA-72Q2-GWWF-6HRV OpenSearch Issue with tenant read-only permissions
Impact: There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them...
OpenSearch Issue with tenant read-only permissions
Impact: There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them...
GHSA-8WX3-324G-W4QQ OpenSearch uncontrolled resource consumption
Impact: An issue has been identified with how OpenSearch handled incoming requests on the HTTP layer. An unauthenticated user could force an OpenSearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering an...
OpenSearch uncontrolled resource consumption
Impact: An issue has been identified with how OpenSearch handled incoming requests on the HTTP layer. An unauthenticated user could force an OpenSearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering an...
CVE-2023-45807
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...
Information disclosure
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...
CVE-2023-45807
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...
UBUNTU-CVE-2023-45807
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...
CVE-2023-45807
OpenSearch Dashboards contains a tenant-permissions issue where authenticated users with read-only access to a tenant can create, edit, or delete index metadata for dashboards/visualizations in that tenant. This affects metadata only (not index data); read-only verification for data remains intac...