Moderate severity · NVD Advisory · Published Nov 15, 2022 · Updated Apr 23, 2025

Issue with fine-grained access control of indices backing data streams

CVE-2022-41918

Description

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. The fine-grained access control rules (document-level security, field-level security and field masking) are not correctly applied to the indices that back data streams, potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.opensearch.plugin:opensearch-security (Maven) | < 1.3.7 | 1.3.7
org.opensearch.plugin:opensearch-security (Maven) | >= 2.0.0, < 2.4.0 | 2.4.0
