2 matches found
CVE-2022-35980 OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...
GHSA-F4QR-F4XX-HJXW OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information
Impact Requests to an OpenSearch cluster configured with advanced access control features document level security DLS, field level security FLS, and/or field masking will not be filtered when the query's search pattern matches an aliased index. OpenSearch Dashboards creates an alias to .kibana by...