Lucene search
Veracode Vulnerability DatabaseVERACODE:38999HistoryJan 25, 2023 - 2:38 a.m.
Information Disclosure
2023-01-2502:38:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
50
opensearch
information disclosure
field-level security
fls
.keyword fields
attacker access
0.001 Low
EPSS
Percentile
26.2%
opensearch is vulnerable to Information Disclosure. The vulnerability exists because the excluded fields are not correctly applied for specific queries in the Field-level security (FLS) with .keyword fields , allowing an attacker to gain read access to indexes through the restricted fields.
References
github.com/advisories/GHSA-v3cg-7r9h-r2g6
github.com/opensearch-project/OpenSearch/commit/87778c00317c0bbfabcd6e5bd34fe00fb2db2556
github.com/opensearch-project/OpenSearch/pull/5260
github.com/opensearch-project/OpenSearch/releases/tag/2.5.0
github.com/opensearch-project/security/security/advisories/GHSA-v3cg-7r9h-r2g6
Related
prion
prion
Design/Logic Flaw
2023-01-26 21:18:00
debiancve
debiancve
CVE-2023-23613
2023-01-26 21:18:14
nvd
nvd
CVE-2023-23613
2023-01-26 21:18:14
osv
osv
Field-level security issue with .keyword fields in OpenSearch
2023-01-24 20:54:28
CVE-2023-23613
2023-01-26 21:18:14
ubuntucve
ubuntucve
CVE-2023-23613
2023-01-26 00:00:00
cvelist
cvelist
CVE-2023-23613 Field-level security issue with .keyword fields in OpenSearch
2023-01-24 20:33:55
cve
cve
CVE-2023-23613
2023-01-26 21:18:14
github
github
Field-level security issue with .keyword fields in OpenSearch
2023-01-24 20:54:28