OpenSearch is vulnerable to information disclosure. The vulnerability exists because, in field-level security (FLS), the excluded fields are not correctly applied to specific queries that use .keyword fields, allowing an attacker to gain read access to indexes through the restricted fields.
github.com/advisories/GHSA-v3cg-7r9h-r2g6
github.com/opensearch-project/OpenSearch/commit/87778c00317c0bbfabcd6e5bd34fe00fb2db2556
github.com/opensearch-project/OpenSearch/pull/5260
github.com/opensearch-project/OpenSearch/releases/tag/2.5.0
github.com/opensearch-project/security/security/advisories/GHSA-v3cg-7r9h-r2g6