745 matches found

BDU FSTEC
added 2023/06/26 12:00 a.m. · 5 views

A vulnerability in the OpenSearch software package, related to incorrect authorization, allows an attacker to cause incorrect access authorization.

The vulnerability in the OpenSearch software package is related to the implementation of the fine-grained access control rules (document-level security, field-level security, and field masking). These rules were incorrectly applied to queries under rare execution conditions. Exploiting this vulnerability c...

CVSS 5.9 · AI score 6.3 · EPSS 0.0046
Exploits 0 · References 4 · Affected Software 3

Redos
added 2023/06/15 12:00 a.m. · 18 views

ROS-20230615-02

The vulnerability in the OpenSearch software package is related to the implementation of the fine-grained access control rules (document-level security, field-level security, and field masking), which were incorrectly applied to queries under extremely rare runtime conditions. Exploitation of the of th...

CVSS 5.9 · AI score 5.9 · EPSS 0.0046
Exploits 0

Veracode
added 2023/05/15 6:00 a.m. · 21 views

Race Condition

org.opensearch.plugin:opensearch-security is vulnerable to a race condition. Improper access authorization can result from an exceedingly rare race condition in the application that causes the fine-grained access control rules not to be applied to queries. When the query cache eviction occurs...

CVSS 5.9 · AI score 6.8 · EPSS 0.0046
Exploits 0 · References 4 · Affected Software 1

GitHub Security Blog
added 2023/05/09 9:25 p.m. · 37 views

OpenSearch issue with fine-grained access control during extremely rare race conditions

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions, potentially leading to incorrect access authorization. Fo...

CVSS 5.9 · AI score 6.4 · EPSS 0.0046
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/05/09 9:25 p.m. · 23 views

GHSA-G8XC-6MF7-H28H OpenSearch issue with fine-grained access control during extremely rare race conditions

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions, potentially leading to incorrect access authorization. Fo...

CVSS 4.8 · AI score 5.3 · EPSS 0.0046
Exploits 0 · References 3

NVD
added 2023/05/08 9:15 p.m. · 20 views

CVE-2023-31141

OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...

CVSS 5.9 · AI score 5.3 · EPSS 0.0046
Exploits 0 · References 1

Prion
added 2023/05/08 9:15 p.m. · 17 views

Race condition

OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...

CVSS 2.6 · AI score 5.7 · EPSS 0.0046
Exploits 0 · References 1 · Affected Software 2

UbuntuCve
added 2023/05/08 9:15 p.m. · 11 views

CVE-2023-31141

OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...

CVSS 5.9 · AI score 6.2 · EPSS 0.0046
Exploits 0 · References 2

Cvelist
added 2023/05/08 8:33 p.m. · 33 views

CVE-2023-31141 OpenSearch issue with fine-grained access control during extremely rare race conditions

OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...

CVSS 4.8 · AI score 5.9 · EPSS 0.0046
Exploits 0 · References 1

CVE
added 2023/05/08 8:33 p.m. · 140 views

CVE-2023-31141

OpenSearch vulnerability CVE-2023-31141 involves a race condition in access-control rules (document-level/field-level security and field masking) where queries may bypass correct authorization under extremely rare timing with concurrent requests and query-cache eviction. Affected are OpenSearch rel...

CVSS 5.9 · AI score 5.3 · EPSS 0.0046
Exploits 0 · References 1 · Affected Software 2

Vulnrichment
added 2023/05/08 8:33 p.m. · 6 views

CVE-2023-31141 OpenSearch issue with fine-grained access control during extremely rare race conditions

OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...

CVSS 4.8 · AI score 5.7 · EPSS 0.0046
Exploits 0 · References 1

Debian CVE
added 2023/05/08 8:33 p.m. · 15 views

CVE-2023-31141

OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...

CVSS 5.9 · AI score 5.7 · EPSS 0.0046
Exploits 0

OSV
added 2023/05/08 8:33 p.m. · 37 views

CVE-2023-31141 OpenSearch issue with fine-grained access control during extremely rare race conditions

OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not...

CVSS 4.8 · AI score 5.7 · EPSS 0.0046
Exploits 0 · References 3

Positive Technologies
added 2023/05/08 12:00 a.m. · 3 views

PT-2023-3287 · Unknown +1 · Opensearch +1

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.10 and 2.7.0. Description: The issue is related to the implementation of fine-grained access control rules, including document-level security, field-level security, and field masking. These rules are not...

CVSS 5.9 · AI score 5.5 · EPSS 0.0046
Exploits 0 · References 13

CNNVD
added 2023/05/08 12:00 a.m. · 17 views

OpenSearch security vulnerability

OpenSearch is a community-driven, Apache 2.0 licensed open source search and analytics suite from the OpenSearch Project that makes it easy to access, search, visualize and analyze data. A security vulnerability exists in OpenSearch versions 1.3.10 and 2.7.0 that stems from a problem with...

CVSS 5.9 · AI score 5.8 · EPSS 0.0046
Exploits 0 · References 2

OSV
added 2023/03/07 8:04 p.m. · 22 views

GHSA-WMX7-X4JP-9JGG OpenSearch has issue with fine-grained access control of indices backing data streams

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams, potentially leading to incorrect access authorization. This issue can on...

CVSS 6.3 · AI score 6.2 · EPSS 0.0043
Exploits 0 · References 4

GitHub Security Blog
added 2023/03/07 8:04 p.m. · 37 views

OpenSearch has issue with fine-grained access control of indices backing data streams

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams, potentially leading to incorrect access authorization. This issue can on...

CVSS 6.3 · AI score 6.2 · EPSS 0.0043
Exploits 0 · References 4 · Affected Software 1

GitHub Security Blog
added 2023/03/07 5:38 p.m. · 29 views

OpenSearch has time discrepancy in authentication responses

Impact: There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches: OpenSearch 1.3.9...

CVSS 5.3 · AI score 5.6 · EPSS 0.00328
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/03/07 5:38 p.m. · 33 views

GHSA-C6WG-CM5X-RQVJ OpenSearch has time discrepancy in authentication responses

Impact: There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches: OpenSearch 1.3.9...

CVSS 5.3 · AI score 5.3 · EPSS 0.00328
Exploits 0 · References 4

NVD
added 2023/03/02 4:15 a.m. · 22 views

CVE-2023-25806

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

CVSS 5.3 · AI score 5.4 · EPSS 0.00328
Exploits 0 · References 1