744 matches found
CVE-2022-41917 Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
CVE-2022-41917
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
CVE-2022-41918
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...
CVE-2022-41918 Issue with fine-grained access control of indices backing data streams
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...
CVE-2022-41906
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing...
Design/Logic Flaw
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing...
CVE-2022-41906 OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF)
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing...
CVE-2022-41906
OpenSearch Notifications Plugin contains a Server-Side Request Forgery (SSRF) flaw affecting OpenSearch Notifications versions 2.0.0 through 2.2.0. The issue could allow a privileged user to enumerate listening services or access resources beyond the plugin’s intended scope via HTTP requests. The...
OpenSearch Project Code Issue Vulnerability
OpenSearch is a community-driven, Apache 2.0 licensed open source search and analytics suite from the OpenSearch Project that makes it easy to access, search, visualize and analyze data. A code issue vulnerability exists in OpenSearch Project Notifications, which stems from the fact that...
PT-2022-26137 · Opensearch · Opensearch Notifications Plugin
Name of the Vulnerable Software and Affected Versions: OpenSearch Notifications Plugin versions 2.0.0 through 2.2.0. Description: A potential Server-Side Request Forgery (SSRF) issue in the OpenSearch Notifications Plugin could allow an existing privileged user to enumerate listening services or...
Upgrade Apache Commons-text to mitigate CVE-2022-42889 (excludes bundled OpenSearch)
DISCLAIMER (Bundled OpenSearch): This issue only covers commons-text usages in the Bitbucket WebApp, not the bundled OpenSearch. To track the upgrade of OpenSearch to a version that contains an updated...
GHSA-C429-5P7V-VGJP vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
CVE-2020-36604 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
CVE-2020-36604 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
CVE-2022-35980
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...
Information disclosure
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...
CVE-2022-35980 OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...