Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-23613

Опубликовано: 26 янв. 2023
Источник: nvd
CVSS3: 5.7
CVSS3: 6.5
EPSS Низкий

Описание

OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their auto-generated .keyword fields. This issue is only present for authenticated users with read access to the indexes containing the restricted fields. This may expose data which may otherwise not be accessible to the user. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. Users unable to upgrade may write explicit exclusion rules as a workaround. Policies authored in this way are not subject to this issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:amazon:opensearch:*:*:*:*:*:-:*:*
Версия от 1.0.0 (включая) до 1.3.8 (исключая)
cpe:2.3:a:amazon:opensearch:*:*:*:*:*:-:*:*
Версия от 2.0.0 (включая) до 2.5.0 (исключая)

EPSS

Процентиль: 48%
0.0025
Низкий

5.7 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-200
CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2023-23613

CVSS3: 5.7
ubuntu
больше 2 лет назад

OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their auto-generated .keyword fields. This issue is only present for authenticated users with read access to the indexes containing the restricted fields. This may expose data which may otherwise not be accessible to the user. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. Users unable to upgrade may write explicit exclusion rules as a workaround. Policies authored in this way are not subject to this issue.

debian логотип

CVE-2023-23613

CVSS3: 5.7
debian
больше 2 лет назад

OpenSearch is an open source distributed and RESTful search engine. In ...

github логотип

GHSA-v3cg-7r9h-r2g6

CVSS3: 5.7
github
больше 2 лет назад

Field-level security issue with .keyword fields in OpenSearch

fstec логотип

BDU:2025-04294

CVSS3: 6.5
fstec
больше 2 лет назад

Уязвимость программного пакета OpenSearch, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

redos логотип

ROS-20250403-14

CVSS3: 8.8
redos
3 месяца назад

Множественные уязвимости opensearch

EPSS

Процентиль: 48%
0.0025
Низкий

5.7 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-200
CWE-200