Maven package
org.opensearch.plugin/opensearch-security
pkg:maven/org.opensearch.plugin/opensearch-security
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-45807 | — | | | >= 2.0.0.0, < 2.11.0.0 | 2.11.0.0 | Oct 16, 2023 | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perf |
| CVE-2023-31141 | — | | | >= 1.0.0, < 1.3.10.0 | 1.3.10.0 | May 8, 2023 | OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) whe |
| CVE-2023-25806 | — | | | < 1.3.9 | 1.3.9 | Mar 2, 2023 | OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls |
| CVE-2023-23612 | — | | | < 1.3.8 | 1.3.8 | Jan 24, 2023 | OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs whe |
| CVE-2023-23613 | — | | | < 1.3.8 | 1.3.8 | Jan 24, 2023 | OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rel |
| CVE-2022-41918 | — | | | < 1.3.7 | 1.3.7 | Nov 15, 2022 | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices tha |
| CVE-2022-35980 | — | | | >= 2.0.0.0, < 2.2.0.0 | 2.2.0.0 | Aug 12, 2022 | OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access |