5 matches found
Race Condition
org.opensearch.plugin:opensearch-security is vulnerable to a Race Condition. Improper access authorization can occur from exceedingly rare race condition in the application which results in the failure to apply the fine-grained access control rules to queries. When the query cache eviction occurs...
OpenSearch issue with fine-grained access control during extremely rare race conditions
Impact There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. Fo...
UBUNTU-CVE-2023-31141
OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...
CVE-2023-31141 OpenSearch issue with fine-grained access control during extremely rare race conditions
OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...
CVE-2023-31141
OpenSearch vulnerability CVE-2023-31141 involves race-condition on access-control rules (document-level/field-level security and field masking) where queries may bypass correct authorization under extremely rare timing with concurrent requests and query-cache eviction. Affected are OpenSearch rel...