744 matches found
Design/Logic Flaw
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...
UBUNTU-CVE-2023-23612
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...
OpenSearch Project Authorization Issue Vulnerability
OpenSearch is the OpenSearch Project's community-driven, Apache 2.0 licensed open source search and analytics suite, making it easy to access, search, visualize and analyze data. An authorization issue vulnerability exists in OpenSearch versions 1.0.0 through 1.3.7 and 2.0.0 throu...
OpenSearch Project Information Disclosure Vulnerability
OpenSearch is the OpenSearch Project's community-driven, Apache 2.0 licensed open source search and analytics suite, making it easy to access, search, visualize and analyze data. An information disclosure vulnerability exists in OpenSearch Project versions 1.0.0 through 1.3.7 and...
Information Disclosure
opensearch is vulnerable to Information Disclosure. The vulnerability exists because the excluded fields are not correctly applied for specific queries in field-level security (FLS) with .keyword fields, allowing an attacker to gain read access to indexes through the restricted fields...
Authentication Bypass
opensearch is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly handle whitespace in JWT roles, which allows users to potentially claim roles that they are not assigned to by injecting and executing malicious code...
Field-level security issue with .keyword fields in OpenSearch
Advisory title: Field-level security issue with .keyword fields. Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1. Patched versions: OpenSearch 1.3.8 and 2.5.0. Impact: There is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly...
GHSA-V3CG-7R9H-R2G6 Field-level security issue with .keyword fields in OpenSearch
Advisory title: Field-level security issue with .keyword fields. Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1. Patched versions: OpenSearch 1.3.8 and 2.5.0. Impact: There is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly...
Issue with whitespace in JWT roles in OpenSearch
Advisory title: Issue with whitespace in JWT roles. Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1. Patched versions: OpenSearch 1.3.8 and 2.5.0. Impact: OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID...
GHSA-864V-6QJ7-62QJ Issue with whitespace in JWT roles in OpenSearch
Advisory title: Issue with whitespace in JWT roles. Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1. Patched versions: OpenSearch 1.3.8 and 2.5.0. Impact: OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID...
CVE-2023-23612
CVE-2023-23612 affects OpenSearch. A flaw in processing JWT role claims trims leading/trailing whitespace, which can let authenticated users claim roles they are not assigned to if a whitespace-matching role exists. Affected OpenSearch versions: 1.0.0–1.3.7 and 2.0.0–2.4.1. The issue relies on th...
CVE-2023-23612 Issue with whitespace in JWT roles in OpenSearch
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...
CVE-2023-23612 Issue with whitespace in JWT roles in OpenSearch
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...
CVE-2023-23612 Issue with whitespace in JWT roles in OpenSearch
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...
CVE-2023-23612
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and...
CVE-2023-23613 Field-level security issue with .keyword fields in OpenSearch
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...
CVE-2023-23613
CVE-2023-23613 affects OpenSearch with a flaw in field-level security (FLS) and field masking. Rules that explicitly exclude fields may not be applied correctly for queries relying on generated .keyword fields, potentially exposing data to authenticated users with read access to restricted indexe...
CVE-2023-23613 Field-level security issue with .keyword fields in OpenSearch
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...
CVE-2023-23613 Field-level security issue with .keyword fields in OpenSearch
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...
CVE-2023-23613
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...