Lucene search
+L

6 matches found

CVE
CVE
added 2022/06/30 9:55 p.m.141 views

CVE-2022-31115

Opensearch-ruby before 2.0.1 is affected by unsafe YAML deserialization via YAML.load (not YAML.safe_load). Vulnerable in 2.0.0 and earlier when the response is YAML, exploitable only if an attacker controls the opensearch server and lures the victim to connect. Patch available in 2.0.1 (and subs...

8.8CVSS8.7AI score0.01501EPSS
CVE
CVE
added 2023/05/08 8:33 p.m.141 views

CVE-2023-31141

OpenSearch vulnerability CVE-2023-31141 involves race-condition on access-control rules (document-level/field-level security and field masking) where queries may bypass correct authorization under extremely rare timing with concurrent requests and query-cache eviction. Affected are OpenSearch rel...

5.9CVSS5.3AI score0.0046EPSS
CVE
CVE
added 2023/10/16 9:33 p.m.115 views

CVE-2023-45807

OpenSearch Dashboards contains a tenant-permissions issue where authenticated users with read-only access to a tenant can create, edit, or delete index metadata for dashboards/visualizations in that tenant. This affects metadata only (not index data); read-only verification for data remains intac...

5.4CVSS5AI score0.0041EPSS
CVE
CVE
added 2022/11/15 12:0 a.m.87 views

CVE-2022-41918

OpenSearch has a vulnerability where fine-grained access controls (document-level security, field-level security, and field masking) are not correctly applied to the indices backing data streams, potentially allowing incorrect access authorization. The issue affects OpenSearch prior to the patche...

6.3CVSS6.3AI score0.0043EPSS
CVE
CVE
added 2023/03/02 3:4 a.m.64 views

CVE-2023-25806

OpenSearch Security (the OpenSearch Security plugin) has a time-discrepancy issue in authentication responses when using the internal basic IdP. The observed behavior affects authentication latency between requests for existing vs non-existing users. Patches are available in OpenSearch Security v...

5.3CVSS5.4AI score0.00328EPSS
CVE
CVE
added 2025/11/25 7:43 p.m.46 views

CVE-2025-9624

OpenSearch CVE-2025-9624: A DoS vulnerability via complex query_string inputs affects OpenSearch 3.0.0–3.2.x and OpenSearch

8.3CVSS6.1AI score0.0048EPSS