CVE-2023-25806
OpenSearch Security (the OpenSearch Security plugin) has a time-discrepancy issue in authentication responses when using the internal basic IdP. The observed behavior affects authentication latency between requests for existing vs non-existing users. Patches are available in OpenSearch Security v...
CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...
OpenSearch Security security vulnerability
OpenSearch Security is an OpenSearch plugin used to provide encryption, authentication, and authorization. A security vulnerability exists in OpenSearch Security that stems from incorrect authentication...
PT-2023-20318 · Opensearch +1 · Opensearch Security +1
Name of the Vulnerable Software and Affected Versions: OpenSearch Security versions prior to 1.3.9; OpenSearch Security versions prior to 2.6.0. Description: OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication, and authorization. There is an observable discrepancy ...
Information Disclosure
opensearch-anomaly-detection is vulnerable to Information Disclosure. The vulnerability exists because of the lack of access restrictions in field-level rules in numerical feature aggregations of the library, allowing a user with the Anomaly Detector role to read aggregated numerical data...
CVE-2023-23933
OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data e.g. averages,...
Design/Logic Flaw
OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data e.g. averages,...
CVE-2023-23933 Issue in Anomaly Detection with document and field level rules in numerical feature aggregations
OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data e.g. averages,...
CVE-2023-23933
CVE-2023-23933 concerns OpenSearch Anomaly Detection: the plugin improperly applies document- and field-level restrictions, allowing users with the Anomaly Detector role to read aggregated numerical data from restricted fields. This affects authenticated users who already had read access to the r...
OpenSearch Project buffer error vulnerability
OpenSearch is the OpenSearch Project's community-driven, Apache 2.0 licensed open source search and analytics suite, which makes it easy to access, search, visualize and analyze data. A buffer error vulnerability exists in OpenSearch. No information about this vulnerability is availabl...
PT-2023-19306 · Unknown +2 · Opensearch +2
Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.8; OpenSearch versions prior to 2.6.0. Description: There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can...
CVE-2023-23612
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...
CVE-2023-23613
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...
Design/Logic Flaw
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...
Design/Logic Flaw
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...