745 matches found

Vulnrichment
added 2022/08/12 5:40 p.m. · 7 views

CVE-2022-35980 OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...

CVSS 7.5 · AI score 7.5 · EPSS 0.00918
Exploits: 0 · References: 3

CVE
added 2022/08/12 5:40 p.m. · 97 views

CVE-2022-35980

CVE-2022-35980 affects OpenSearch Security plugin versions 2.0.0.0 and 2.1.0.0. The flaw allows information disclosure when an OpenSearch cluster uses DLS/FLS/field masking and an aliased index causes queries to bypass filters (OpenSearch Dashboards alias to .kibana). OpenSearch 2.2.0 (and compat...

CVSS 7.5 · AI score 7.5 · EPSS 0.00918
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/08/12 5:40 p.m. · 13 views

CVE-2022-35980 OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...

CVSS 7.5 · AI score 7.2 · EPSS 0.00918
Exploits: 0 · References: 5

Github Security Blog
added 2022/08/12 5:31 p.m. · 39 views

OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

Impact: Requests to an OpenSearch cluster configured with advanced access control features, document level security (DLS), field level security (FLS), and/or field masking, will not be filtered when the query's search pattern matches an aliased index. OpenSearch Dashboards creates an alias to .kibana by...

CVSS 7.5 · AI score 7.2 · EPSS 0.00918
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/08/12 5:31 p.m. · 27 views

GHSA-F4QR-F4XX-HJXW OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information

Impact: Requests to an OpenSearch cluster configured with advanced access control features, document level security (DLS), field level security (FLS), and/or field masking, will not be filtered when the query's search pattern matches an aliased index. OpenSearch Dashboards creates an alias to .kibana by...

CVSS 7.5 · AI score 7.5 · EPSS 0.00918
Exploits: 0 · References: 5

CNNVD
added 2022/08/12 12:00 a.m. · 3 views

OpenSearch Security security vulnerability

OpenSearch Security is an OpenSearch plugin for providing encryption, authentication and authorization. A security vulnerability exists in OpenSearch Security version 2.0.0.0, 2.1.0.0. An attacker has exploited the vulnerability to disclose sensitive information...

CVSS 7.5 · AI score 7.2 · EPSS 0.00918
Exploits: 0 · References: 4

Positive Technologies
added 2022/08/12 12:00 a.m. · 4 views

PT-2022-23078 · Unknown · Opensearch +2

Name of the Vulnerable Software and Affected Versions: OpenSearch Security versions 2.0.0.0 through 2.1.0.0 Description: The issue concerns an information disclosure vulnerability in OpenSearch Security, a plugin for OpenSearch that provides encryption, authentication, and authorization. When an...

CVSS 7.5 · AI score 7.2 · EPSS 0.00918
Exploits: 0 · References: 8

Github Security Blog
added 2022/07/05 8:41 p.m. · 109 views

opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization

Impact: A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML. Patches: The problem has been patched in opensearch-ruby gem version 2.0.2. Workarounds: No viable workaround. Please upgrade to 2.0.2. References...

CVSS 8.8 · AI score 8.4 · EPSS 0.01501
Exploits: 1 · References: 8 · Affected Software: 1

OSV
added 2022/07/05 8:41 p.m. · 33 views

GHSA-977C-63XQ-CGW3 opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization

Impact: A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML. Patches: The problem has been patched in opensearch-ruby gem version 2.0.2. Workarounds: No viable workaround. Please upgrade to 2.0.2. References...

CVSS 8.8 · AI score 8.7 · EPSS 0.01501
Exploits: 1 · References: 8

RubySec
added 2022/07/05 12:00 a.m. · 19 views

Unsafe YAML deserialization in opensearch-ruby

Impact: A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML. Patches: The problem has been patched in opensearch-ruby gem version 2.0.2. Workarounds: No viable workaround. Please upgrade to 2.0.2...

CVSS 8.8 · AI score 3.7 · EPSS 0.01501
Exploits: 1 · References: 1 · Affected Software: 1

Snyk
added 2022/07/01 8:50 a.m. · 4 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data using YAML.load if the response is a YAML type. This is exploitable only if the attacker is in control of an opensearch server and convinces the victim to connect to it. Details: Serialization is a proce...

CVSS 8.8 · AI score 7 · EPSS 0.01501
Exploits: 1 · References: 2

Veracode
added 2022/07/01 2:03 a.m. · 17 views

Deserialization Of Untrusted Data

opensearch-ruby is vulnerable to deserialization of untrusted data. The vulnerability exists due to the unsafe deserialization of response.body data in YAML.load functionality in the verifyopensearch function of pensearch.rb...

CVSS 8.8 · AI score 8.3 · EPSS 0.01501
Exploits: 1 · References: 5 · Affected Software: 1

NVD
added 2022/06/30 10:15 p.m. · 15 views

CVE-2022-31115

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the Ruby YAML.load function was used instead of YAML.safe_load. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...

CVSS 8.8 · EPSS 0.01501
Exploits: 1 · References: 3

Prion
added 2022/06/30 10:15 p.m. · 23 views

Deserialization of untrusted data

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the Ruby YAML.load function was used instead of YAML.safe_load. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...

CVSS 6.8 · AI score 8.6 · EPSS 0.01501
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2022/06/30 9:55 p.m. · 26 views

CVE-2022-31115 Unsafe YAML deserialization in opensearch-ruby

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the Ruby YAML.load function was used instead of YAML.safe_load. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...

CVSS 8.8 · AI score 8.9 · EPSS 0.01501
Exploits: 1 · References: 3

CVE
added 2022/06/30 9:55 p.m. · 136 views

CVE-2022-31115

Opensearch-ruby before 2.0.1 is affected by unsafe YAML deserialization via YAML.load (not YAML.safe_load). Vulnerable in 2.0.0 and earlier when the response is YAML, exploitable only if an attacker controls the opensearch server and lures the victim to connect. Patch available in 2.0.1 (and subs...

CVSS 8.8 · AI score 8.7 · EPSS 0.01501
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2022/06/30 9:55 p.m. · 6 views

CVE-2022-31115 Unsafe YAML deserialization in opensearch-ruby

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the Ruby YAML.load function was used instead of YAML.safe_load. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...

CVSS 8.8 · AI score 8.9 · EPSS 0.01501
Exploits: 1 · References: 3

OSV
added 2022/06/30 9:55 p.m. · 39 views

CVE-2022-31115 Unsafe YAML deserialization in opensearch-ruby

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the Ruby YAML.load function was used instead of YAML.safe_load. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...

CVSS 8.8 · AI score 8.5 · EPSS 0.01501
Exploits: 1 · References: 5

CNNVD
added 2022/06/30 12:00 a.m. · 3 views

opensearch-ruby code issue vulnerability

opensearch-ruby is an open source Ruby client for OpenSearch from opensearch-project. A code issue vulnerability exists in opensearch-ruby that stems from the use of the Ruby YAML.load function instead of YAML.safe_load in versions prior to 2.0.1. As a result, opensearch-ruby 2.0.0 and earlier may...

CVSS 8.8 · AI score 8.1 · EPSS 0.01501
Exploits: 1 · References: 4

Tenable Nessus
added 2021/12/27 12:00 a.m. · 63 views

FreeBSD : OpenSearch -- Log4Shell (d1be3d73-6737-11ec-9eea-589cfc007716)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d1be3d73-6737-11ec-9eea-589cfc007716 advisory. - Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled...

CVSS 5.9 · AI score 7.3 · EPSS 0.99999
Exploits: 20 · References: 3