OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.00037
Percentile: 0.0973

CVSS Scoring

Mapped CWE(s)

• CWE-612 : Improper Authorization of Index Containing Sensitive Information
• CWE-863 : Incorrect Authorization

Affected Products

• cpe:2.3:a:amazon:opensearch:*:*:*:*:*:docker:*:*
• cpe:2.3:a:amazon:opensearch:*:*:*:*:*:docker:*:*

← Back to Home