2 matches found
CVE-2023-31141
OpenSearch vulnerability CVE-2023-31141 involves race-condition on access-control rules (document-level/field-level security and field masking) where queries may bypass correct authorization under extremely rare timing with concurrent requests and query-cache eviction. Affected are OpenSearch rel...
CVE-2023-25806
OpenSearch Security (the OpenSearch Security plugin) has a time-discrepancy issue in authentication responses when using the internal basic IdP. The observed behavior affects authentication latency between requests for existing vs non-existing users. Patches are available in OpenSearch Security v...