CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23613 – Field-level security issue with .keyword fields in OpenSearch
https://notcve.org/view.php?id=CVE-2023-23613
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their auto-generated .keyword fields. This issue is only present for authenticated users with read access to the indexes containing the restricted fields. This may expose data which may otherwise not be accessible to the user. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. • https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0 https://github.com/opensearch-project/security/security/advisories/GHSA-v3cg-7r9h-r2g6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41917 – Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch
https://notcve.org/view.php?id=CVE-2022-41917
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch version 1.3.7 and 2.4.0 contain a fix for this issue. • https://github.com/opensearch-project/OpenSearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0 https://github.com/opensearch-project/OpenSearch/security/advisories/GHSA-w3rx-m34v-wrqx • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41918 – Issue with fine-grained access control of indices backing data streams
https://notcve.org/view.php?id=CVE-2022-41918
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue. • https://github.com/opensearch-project/security/commit/f7cc569c9d3fa5d5432c76c854eed280d45ce6f4 https://github.com/opensearch-project/security/security/advisories/GHSA-wmx7-x4jp-9jgg • CWE-612: Improper Authorization of Index Containing Sensitive Information CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31115 – Unsafe YAML deserialization in opensearch-ruby
https://notcve.org/view.php?id=CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. • https://github.com/opensearch-project/opensearch-ruby/pull/77 https://github.com/opensearch-project/opensearch-ruby/security/advisories/GHSA-977c-63xq-cgw3 https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated • CWE-502: Deserialization of Untrusted Data •