744 matches found
PT-2023-19074 · Unknown +1 · Opensearch +1
Name of the Vulnerable Software and Affected Versions: OpenSearch versions 1.0.0 through 1.3.7; OpenSearch versions 2.0.0 through 2.4.1. Description: OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is...
PT-2023-19075 · Unknown +1 · Opensearch +1
Name of the Vulnerable Software and Affected Versions: OpenSearch versions 1.0.0 through 1.3.7; OpenSearch versions 2.0.0 through 2.4.1. Description: There is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not...
Upgrade OpenSearch to 1.3.7 to mitigate CVE-2022-42889
In BSERV-13534 commons-text usages were upgraded in the Bitbucket Webapp to mitigate against CVE-2022-42889 although Bitbucket WebApp was actually unaffected. The bundled OpenSearch should also be updated to 1.3.7 when it is released. The release date is currently scheduled for 13-Dec-2022:...
GHSA-68M8-V89J-7J2P vulnerabilities
Vulnerabilities for packages: opensearch, elasticsearch...
GHSA-68M8-V89J-7J2P vulnerabilities
Vulnerabilities for packages: opensearch...
CVE-2022-45146 vulnerabilities
Vulnerabilities for packages: opensearch...
CVE-2022-45146 vulnerabilities
Vulnerabilities for packages: opensearch, elasticsearch...
CVE-2022-41917
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
Information disclosure
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
CVE-2022-41918
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...
Authorization
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...
CVE-2022-41917 Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
CVE-2022-41918
OpenSearch has a vulnerability where fine-grained access controls (document-level security, field-level security, and field masking) are not correctly applied to the indices backing data streams, potentially allowing incorrect access authorization. The issue affects OpenSearch prior to the patche...
OpenSearch Project security vulnerability
OpenSearch Project is a community-driven, Apache 2.0 licensed open source search and analytics suite from the OpenSearch Project that makes it easy to access, search, visualize and analyze data. A security vulnerability exists in OpenSearch Project versions prior to 1.3.7 and 2.x versions prior t...
OpenSearch Project information disclosure vulnerability
OpenSearch Project is a community-driven, Apache 2.0 licensed open source search and analytics suite from the OpenSearch Project that makes it easy to access, search, visualize and analyze data. An information disclosure vulnerability exists in OpenSearch Project versions prior to 1.3.7 and 2.x...
CVE-2022-41917 Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
CVE-2022-41917
OpenSearch CVE-2022-41917 is an information-disclosure flaw in OpenSearch where an incorrect error-handling path allows certain crafted REST queries to read the first line from arbitrary text files, limited to files readable under the Java Security Manager policy. Affected versions are OpenSearch...
CVE-2022-41918 Issue with fine-grained access control of indices backing data streams
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...
PT-2022-26147 · Unknown · Opensearch
Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.7; OpenSearch versions prior to 2.4.0. Description: An issue in OpenSearch allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of...
CVE-2022-41918 Issue with fine-grained access control of indices backing data streams
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...