MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2022-41918

CVSS 6.3v3.1pub. 2022-11-15upd. 2024-11-21

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • Amazon Opensearch

    APP
    Amazon
    < 1.3.72.0.0 – 2.4.0 (bez)
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-9624HIGH8.3ten sam produkt

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_st...

CVE-2022-35980HIGH7.5ten sam produkt

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versi...

CVE-2022-31115HIGH8.8ten sam produkt

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ...

CVE-2023-45807MEDIUM5.4ten sam produkt

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in...

CVE-2023-31141MEDIUM4.8ten sam produkt

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versi...

CVE-2022-41918 β€” Amazon β€” Opensearch β€” MEDIUM β€” CVSS 6.3 | CVEbaza.pl