OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LAmazon Opensearch
APPAmazon< 1.3.72.0.0 β 2.4.0 (bez)
Related vulnerabilities
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_st...
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versi...
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ...
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in...
OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versi...