744 matches found

Debian CVE
added 2023/10/16 9:33 p.m. · 21 views

CVE-2023-45807

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4 CVSS · 5.1 AI score · 0.0041 EPSS
Exploits: 0

OSV
added 2023/10/16 9:33 p.m. · 29 views

CVE-2023-45807 OpenSearch Issue with tenant read-only permissions

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4 CVSS · 5.1 AI score · 0.0041 EPSS
Exploits: 0 · References: 3

Cvelist
added 2023/10/16 9:33 p.m. · 19 views

CVE-2023-45807 OpenSearch Issue with tenant read-only permissions

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4 CVSS · 5.4 AI score · 0.0041 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/10/16 9:33 p.m. · 16 views

CVE-2023-45807 OpenSearch Issue with tenant read-only permissions

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4 CVSS · 6.3 AI score · 0.0041 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/10/16 12:0 a.m. · 2 views

PT-2023-7035 · Unknown +1 · Opensearch +2

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.14; OpenSearch versions prior to 2.11.0. Description: There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can...

5.5 CVSS · 5.1 AI score · 0.0041 EPSS
Exploits: 0 · References: 15

CNNVD
added 2023/10/16 12:0 a.m. · 3 views

OpenSearch Project Security Vulnerability

OpenSearch, from the OpenSearch Project, is a community-driven, Apache 2.0 licensed open source search and analytics suite that makes it easy to access, search, visualize and analyze data. A security vulnerability exists in OpenSearch. An attacker exploiting this vulnerability could perform...

5.4 CVSS · 6.7 AI score · 0.0041 EPSS
Exploits: 0 · References: 2

Atlassian
added 2023/09/18 9:26 p.m. · 44 views

FALSE POSITIVE - OpenSearch Vulnerability in Bitbucket Data Center and Server

Notice of FALSE POSITIVE After review, it has been determined that CVE-2022-41906 DOES NOT affect ANY version of Bitbucket Data Center or Bitbucket Server. We have updated our bulletin and Jira tickets to reflect this update. We have taken action to prevent this false-positive from appearing in o...

8.7 CVSS · 8.2 AI score · 0.00655 EPSS
Exploits: 0

Chainguard
added 2023/09/14 9:30 a.m. · 11 views

GHSA-CGWF-W82Q-5JRR vulnerabilities

Vulnerabilities for packages: kayenta, trino, kayenta-fips, opensearch...

5.8 AI score
Exploits: 0

Wolfi
added 2023/09/14 8:15 a.m. · 277 views

CVE-2023-42503 vulnerabilities

Vulnerabilities for packages: opensearch, trino...

5.5 CVSS · 6.5 AI score · 0.00489 EPSS
Exploits: 0

Chainguard
added 2023/09/14 8:15 a.m. · 45 views

CVE-2023-42503 vulnerabilities

Vulnerabilities for packages: kayenta, trino, kayenta-fips, opensearch...

5.5 CVSS · 6.5 AI score · 0.00489 EPSS
Exploits: 0

ATTACKERKB
added 2023/07/17 8:15 p.m. · 2 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

5.5 CVSS · 5.9 AI score · 0.00247 EPSS
Exploits: 0 · References: 4

NVD
added 2023/07/17 8:15 p.m. · 28 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

5.5 CVSS · 0.00247 EPSS
Exploits: 0 · References: 3

OSV
added 2023/07/17 8:15 p.m. · 25 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

5.5 CVSS · 6.7 AI score · 0.00247 EPSS
Exploits: 0 · References: 3

Prion
added 2023/07/17 8:15 p.m. · 12 views

Command injection

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

1.7 CVSS · 5.3 AI score · 0.00247 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2023/07/17 12:0 a.m. · 55 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 is affected by CVE-2023-28864. A local attacker can exploit a world-readable /var/opt/opscode/local-mode-cache/backup temporary backup path to access sensitive information, leading to disclosure of all indexed node data because OpenSearch credentials are exp...

5.5 CVSS · 5.3 AI score · 0.00247 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/07/17 12:0 a.m. · 4 views

PT-2023-22015 · Progress · Progress Chef Infra Server

Name of the Vulnerable Software and Affected Versions: Progress Chef Infra Server versions prior to 15.7 Description: The issue allows a local attacker to access sensitive information by exploiting a world-readable temporary backup path at /var/opt/opscode/local-mode-cache/backup. This results in...

5.5 CVSS · 5.3 AI score · 0.00247 EPSS
Exploits: 0 · References: 9

Cvelist
added 2023/07/17 12:0 a.m. · 36 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

5.5 AI score · 0.00247 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2023/07/17 12:0 a.m. · 13 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

6.4 AI score · 0.00247 EPSS
Exploits: 0 · References: 3

Debian CVE
added 2023/07/17 12:0 a.m. · 22 views

CVE-2023-28864

Removed by vendor...

5.5 CVSS · 5.5 AI score · 0.00247 EPSS
Exploits: 0

BDU FSTEC
added 2023/06/26 12:0 a.m. · 4 views

The vulnerability of the OpenSearch software package, related to incorrect authorization, allows a perpetrator to introduce incorrect access authorization.

The vulnerability in the OpenSearch software package is related to the implementation of detailed access control rules (document-level security, field-level security, and field masking). These rules were incorrectly applied to queries under rare execution conditions. Exploiting this vulnerability c...

5.9 CVSS · 6.3 AI score · 0.0046 EPSS
Exploits: 0 · References: 4 · Affected Software: 3