Opensearch@* Security Vulnerabilities and Issues — Opensearch@* CVE List

Lucene search

AmazonOpensearch*

9 matches found

CVE•added 2023/02/03 8:15 p.m.•131 views

CVE-2023-23933

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, ...

5.7CVSS4.8AI score0.00085EPSS

CVE•added 2022/06/30 10:15 p.m.•114 views

CVE-2022-31115

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safe_load. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. A...

8.8CVSS8.7AI score0.00495EPSS

CVE•added 2023/05/08 9:15 p.m.•113 views

CVE-2023-31141

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not cor...

5.9CVSS5.3AI score0.00408EPSS

CVE•added 2023/10/16 10:15 p.m.•95 views

CVE-2023-45807

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit an...

5.4CVSS5AI score0.00086EPSS

CVE•added 2023/01/26 9:18 p.m.•90 views

CVE-2023-23612

OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and ...

8.8CVSS6.3AI score0.00093EPSS

CVE•added 2022/11/16 12:15 a.m.•75 views

CVE-2022-41917

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a respons...

4.3CVSS4.4AI score0.00078EPSS

CVE•added 2023/01/26 9:18 p.m.•69 views

CVE-2023-23613

OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their auto-gen...

6.5CVSS5.6AI score0.0025EPSS

CVE•added 2022/11/15 11:15 p.m.•63 views

CVE-2022-41918

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...

6.3CVSS6.3AI score0.00037EPSS

CVE•added 2023/03/02 4:15 a.m.•40 views

CVE-2023-25806

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal ...

5.3CVSS5.4AI score0.00227EPSS