Published: 16/10/2023 Updated: 20/10/2023

CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8

VMScore: 0

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue does not affect index data, only metadata. Dashboards correctly enforces read-only permissions when indexing and updating documents. This issue does not provide additional read access to data users don’t already have. This issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
amazon opensearch

Debian Bug report logs - #1054912 opensearch: CVE-2023-45807 CVE-2023-31141 CVE-2023-23613 CVE-2023-23612 Package: src:opensearch; Maintainer for src:opensearch is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sat, 28 Oct 2023 14:45:02 UT ...

CWE-281 https://github.com/opensearch-project/security/security/advisories/GHSA-72q2-gwwf-6hrv https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054912 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-45807

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect