CVE-2022-41918

Source
https://cve.org/CVERecord?id=CVE-2022-41918
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41918.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41918
Aliases
Published
2022-11-15T00:00:00Z
Modified
2026-07-09T00:13:24.790509Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Issue with fine-grained access control of indices backing data streams
Details

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41918.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-612",
        "CWE-863"
    ]
}
References

Affected packages

Git / github.com/opensearch-project/anomaly-detection

Affected ranges

Type
GIT
Repo
https://github.com/opensearch-project/anomaly-detection
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:amazon:opensearch:*:*:*:*:*:docker:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.7"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.4.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/opensearch-project/opensearch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:amazon:opensearch:*:*:*:*:*:docker:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.7"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.4.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/opensearch-project/security
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:amazon:opensearch:*:*:*:*:*:docker:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.7"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.4.0"
        }
    ]
}

Affected versions

Other
(None)
1.*
1.0.0-alpha1
1.0.0-alpha2
1.0.0-beta1
1.0.0.0
1.0.0.0-beta1
1.0.0.0-rc1
1.1.0.0
1.3.0
1.3.0.0
1.3.1
1.3.1.0
1.3.2
1.3.2.0
1.3.3
1.3.3.0
1.3.4
1.3.4.0
1.3.5
1.3.5.0
1.3.6
1.3.6.0
2.*
2.3.0.0
v0.*
v0.7.0.0
v0.7.0.1
v0.8.0.0
v0.9.0.0
v1.*
v1.0.0.0
v1.0.0.0-beta1
v1.0.0.0-beta1-rc1
v1.0.0.0-beta1-rc2
v1.0.0.0-beta1-rc3
v1.0.0.0-rc1
v1.0.1.0-OS-rc1
v1.1.0.0
v1.10.0.0
v1.10.0.0-rc1
v1.10.1.0
v1.10.1.0-rc1
v1.10.1.0-rc2
v1.11.0.0
v1.11.0.0-rc1
v1.12.0.0
v1.12.0.0-rc
v1.13.0.0
v1.13.0.0-rc1
v1.13.0.0-rc2
v1.13.0.0-rc3
v1.13.0.0-rc4
v1.13.1.0
v1.13.1.0-rc1
v1.13.1.0-rc2
v1.3.0.0
v1.5.0.0
v1.5.0.1
v1.6.0.0
v1.7.0.0
v1.8.0.0
v1.9.0.0
v1.9.0.0-rc1
v1.9.0.0-rc2
v1.9.0.1

Database specific

vanir_signatures_modified
"2026-07-09T00:13:24Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41918.json"
vanir_signatures
[
    {
        "id": "CVE-2022-41918-0622182d",
        "digest": {
            "line_hashes": [
                "190802608251876723695708323815294798331",
                "159406922189635889326075075414716807852",
                "164487096438305919280300123055628806148",
                "258208411350990867880503156928978156126",
                "182745036320457048373697753478831981211",
                "17165779382262712744817156828346306604",
                "330447875107470999044063650182518584429",
                "15026532455737383454346910345973196471",
                "126453835876486614891207840059575025646",
                "176032099326614279352436648928177379106",
                "187664735698750655791313124692193036867",
                "308083681216149547805348768138620704794",
                "245688700287395083048807384280175191088",
                "11715067545084007430906719122946934852",
                "83266720936271841411945279822828016372",
                "26454332986823529055480486263394149009",
                "97254773761840406105600028925782585928",
                "130023236597886479109613843791183799228",
                "210807043238514916726357204964941549453",
                "92319298434375625179872500794115071100",
                "318310596345242875942157043850083316875"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "file": "src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java"
        }
    },
    {
        "id": "CVE-2022-41918-14d12a58",
        "digest": {
            "function_hash": "69639218466026152453728481961233906034",
            "length": 333.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "function": "testPutIndexTemplateByNonPrivilegedUser",
            "file": "src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java"
        }
    },
    {
        "id": "CVE-2022-41918-1e2c3b55",
        "digest": {
            "line_hashes": [
                "186448465345107317120688004659290159003",
                "22946908560712140361774087873459568010",
                "255155089113029079579388736432658333159",
                "172301413714983972854646049536311874344",
                "66274365401751312851229191492631401282",
                "190717640207533214482700186734970863532",
                "277532028931388571807627119218031304638",
                "113828777195841737102929533843412269892",
                "118321323994054372518871354414733710278",
                "123817673483680696250066798567411253435",
                "49302787141663883651866020706607074274",
                "147763545643897575562657540161532671485",
                "67559209370179240323982977893789713474",
                "222159292968253673499813517540166457185",
                "49748764582509607740820379425900501869",
                "182919545648030101412278232884486691651"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/anomaly-detection/commit/1bf862b9bbd72de150b62356e95b8ee6e9f11811",
        "deprecated": false,
        "target": {
            "file": "src/test/java/org/opensearch/ad/ml/CheckpointDaoTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-29221d0d",
        "digest": {
            "function_hash": "292191050793919971982400736026026241825",
            "length": 683.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "function": "testExactName",
            "file": "src/test/java/org/opensearch/security/securityconf/impl/v7/IndexPatternTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-3126e37c",
        "digest": {
            "function_hash": "42028553468816119098304692570194140072",
            "length": 2007.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "function": "testBackingIndicesOfDataStream",
            "file": "src/test/java/org/opensearch/security/DataStreamIntegrationTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-4563e230",
        "digest": {
            "function_hash": "295837699587208008633303767026374781651",
            "length": 671.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/anomaly-detection/commit/1bf862b9bbd72de150b62356e95b8ee6e9f11811",
        "deprecated": false,
        "target": {
            "function": "testDeserializeRCFModelPreINIT",
            "file": "src/test/java/org/opensearch/ad/ml/CheckpointDaoTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-4e6ed3c9",
        "digest": {
            "line_hashes": [
                "337821943607884718980452659685528701204",
                "67191872127043099132258444719078617037",
                "63006482482982091652990119475605508561",
                "83331883392929994829512273928432570133",
                "176118888984173788182812449208802022054",
                "241648534402091179100818036210088933165",
                "116340188457432394783552900946375185345",
                "77013053618638369785840249788436408961",
                "301350169197435810502204324930120037478",
                "335601637235022838482248156221428411199",
                "293460731607764669596222168145735287328",
                "59553097003265650940303961354436638457",
                "31857667226584150408061553680393776853",
                "241648534402091179100818036210088933165",
                "116340188457432394783552900946375185345",
                "336217410529803106497308388795854054548",
                "18881345243492272406900253402779917897",
                "319102887999780372378638826515811820598",
                "24180246899425561157268646521432359175",
                "291888254206080354166150691576664889664",
                "166231027250654263840814759471300605043",
                "121780149104149545242255340641482989207",
                "334273751201741764029112690256834324253",
                "283658829666879120251365614861630876250",
                "283426502094342689667712021711664278798",
                "148187277847259279314034420529149718087",
                "295969006678731434423048105450779667338",
                "24363717504739476079761615660374335845",
                "74037839276126673066563975321181321580",
                "82181966604903415269491430497116992023",
                "148876534904636559950672126720368763642",
                "62494087033143423537386841888166257671",
                "102460624254822870863044531768950552723",
                "94734569692399912338025076943060097246",
                "289299529954936096466336318947935218032",
                "37617140684465608575215372628899118817",
                "157840776341387863837567130103337397591",
                "159709249847975097591092559366113646247",
                "25633527858662141510583786564017553840",
                "148187277847259279314034420529149718087",
                "106382907464109697012837538732745198013",
                "23024671739418634230097975022769456774",
                "238297166626815656275027368843847093431",
                "323799062011611067023954859620693380059",
                "93483006094917618863886453929917042161",
                "225653984646749616545553751711661899161",
                "155469146650118624083371635112921719001",
                "176048929374105487295123438466638738123",
                "121917565465983165506608243880256882219",
                "95014843800091961592270914521628273087",
                "279468921564123468284645083004648545638",
                "141766389755956915823986737878147858634",
                "54624486682803109227916926808312146016"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "file": "src/test/java/org/opensearch/security/securityconf/impl/v7/IndexPatternTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-5c573b56",
        "digest": {
            "function_hash": "239744325834366404844052919760374117565",
            "length": 654.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "function": "testExactNameWithNoMatches",
            "file": "src/test/java/org/opensearch/security/securityconf/impl/v7/IndexPatternTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-62557746",
        "digest": {
            "line_hashes": [
                "190802608251876723695708323815294798331",
                "159406922189635889326075075414716807852",
                "164487096438305919280300123055628806148",
                "258208411350990867880503156928978156126",
                "182745036320457048373697753478831981211",
                "17165779382262712744817156828346306604",
                "330447875107470999044063650182518584429",
                "15026532455737383454346910345973196471",
                "126453835876486614891207840059575025646",
                "176032099326614279352436648928177379106",
                "187664735698750655791313124692193036867",
                "308083681216149547805348768138620704794",
                "245688700287395083048807384280175191088",
                "11715067545084007430906719122946934852",
                "83266720936271841411945279822828016372",
                "26454332986823529055480486263394149009",
                "97254773761840406105600028925782585928",
                "130023236597886479109613843791183799228",
                "210807043238514916726357204964941549453",
                "92319298434375625179872500794115071100",
                "318310596345242875942157043850083316875"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/security/commit/f7cc569c9d3fa5d5432c76c854eed280d45ce6f4",
        "deprecated": false,
        "target": {
            "file": "src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java"
        }
    },
    {
        "id": "CVE-2022-41918-6e060877",
        "digest": {
            "function_hash": "255065948523695992490388225525586125987",
            "length": 730.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "function": "testMultipleConcreteIndices",
            "file": "src/test/java/org/opensearch/security/securityconf/impl/v7/IndexPatternTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-7e5837e2",
        "digest": {
            "line_hashes": [
                "17048627438651915533651276816066902179",
                "149934693698988820616703394443513603029",
                "146006305977508471690722198244677831683",
                "240788330656112570864437071551249202163",
                "152711017821107095246159710284433270316",
                "31568332359611237168031862415414657238",
                "270757614022594935714794753590482693846",
                "147269456921227182556343515014686265985",
                "28069109890100354480759383087192602283",
                "169803860550469453098135583702200124325",
                "304876052520787136705241555141933591828",
                "26361391883713761824559006177780922007",
                "34615098146099423752585691879625868545",
                "138070543556261093825750031169359055538",
                "39469342667864200491547007218788408392",
                "50187936608899266810208887845122098627",
                "59534714994198773360918658895498455238",
                "23915349231978591387591152578268158566",
                "280377130898672602482385272265613631449",
                "67634621076812657446984530232990775724",
                "177084852865742895149805802473831656081",
                "278606514847167371652359529281480540325",
                "209826223393783303436874919998024456803",
                "133045506598400400252127350349703619132",
                "122345375850081149632681595065651079699",
                "72177723099378191855607625409385513863",
                "33402974758347124635599450191903132369",
                "207937607897238205511138022631175747841",
                "34883721161956316783646418829305407740",
                "194391426585217133077138667830773754965",
                "194081300367898935646450443194943641754",
                "288409596071384630216693843562070203379",
                "216086512715070672518706067905168842212",
                "309673774960644042388859631219576171583",
                "159729888933527805760530388845727047285",
                "325009052105012417984003912243220128637",
                "314779181712407588552528523415963479862",
                "274923833791052264272509837526384913643",
                "8815297127135672680576973535293465689",
                "132761030311568202745053924792387187089",
                "202195023701641583966594578788921008128",
                "61531972601589059403337303544233949482",
                "102592365368395643746533626616208175397",
                "212262579722479814407692495225684332863",
                "39539486003013522049608937787611466393",
                "246476676816137247473831962818237448026",
                "335009558084391116747953582065464974864",
                "123133674041330844459310121585741650810",
                "10845464845800182800930478827899156756",
                "82354483932027163043918231973686500309",
                "100381715971144982694976537281485979895",
                "155352436137415831665578477263618609601",
                "95491293699046982585770086414228047956",
                "188891531721186369487323952309948663828",
                "279137084820016730480753291199418815614",
                "164496307841070179657773006934556754404",
                "125235467816935585620280476789153445936",
                "106976968521014027950565027855516291338",
                "294783748254981201410023940614038535312",
                "197891360471463700242782738017267289629",
                "215843620904314785241951087549239462918",
                "283076657572558445909752483752179632622",
                "204906379781621035441833925514356134887",
                "14973599023740517374568784902304568022",
                "310471899262468619281775099588120822972",
                "116273437404207121054980488101993981544",
                "251627273515457659877272627416849203930",
                "173908992094598158569317543287135602761",
                "83149265597370038969245635014808694140",
                "193586799978581750804093513761513619606"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/opensearch/commit/744ca260b892d119be8164f48d92b8810bd7801c",
        "deprecated": false,
        "target": {
            "file": "server/src/main/java/org/opensearch/index/mapper/AbstractPointGeometryFieldMapper.java"
        }
    },
    {
        "id": "CVE-2022-41918-7e7401a4",
        "digest": {
            "function_hash": "294108489770333174010132037324844163732",
            "length": 1027.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "function": "getResolvedIndexPattern",
            "file": "src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java"
        }
    },
    {
        "id": "CVE-2022-41918-906430fe",
        "digest": {
            "line_hashes": [
                "304839939921860648025146931493383880770",
                "114824905897582127923213642326210500463",
                "279282111741171071780837385092493668260",
                "230484571854701085785817296781336459921",
                "163031644383687259557961007999565872328",
                "210306569907450714725336597611909073798",
                "322967534684329559786359980029194356725",
                "99764264942043381494496359371697479573",
                "266456712856741126297076607667905475792",
                "213028920204091298750111556879529391686",
                "83265420109879833198405307683372454834",
                "67429226484931028311238673280342925629",
                "91105338395687701043839099980540564837",
                "6450162401299574315445497086149522729"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "file": "src/test/java/org/opensearch/security/DataStreamIntegrationTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-96751c7d",
        "digest": {
            "function_hash": "13364759679334999557378171629924440638",
            "length": 471.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/opensearch/commit/744ca260b892d119be8164f48d92b8810bd7801c",
        "deprecated": false,
        "target": {
            "function": "reconstructArrayXContent",
            "file": "server/src/main/java/org/opensearch/index/mapper/AbstractPointGeometryFieldMapper.java"
        }
    },
    {
        "id": "CVE-2022-41918-a5015401",
        "digest": {
            "function_hash": "177015297970552032179796422297282209308",
            "length": 1193.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "function": "testMultipleConcreteIndicesWithOneAlias",
            "file": "src/test/java/org/opensearch/security/securityconf/impl/v7/IndexPatternTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-a89e203b",
        "digest": {
            "line_hashes": [
                "157639417100125556875140226556329778119",
                "39332545010403953370335241303781971654",
                "95895900298352061382906362055012717225",
                "107195619093693570336330093161567756532",
                "82797253965665218830239723304419389690",
                "236978715830984851196280058505569856466"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "file": "src/test/java/org/opensearch/security/PitIntegrationTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-a9f4437d",
        "digest": {
            "function_hash": "335887108310174375250011577907427146906",
            "length": 1514.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "function": "testDataStreamWithPits",
            "file": "src/test/java/org/opensearch/security/PitIntegrationTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-b5d5e397",
        "digest": {
            "function_hash": "48399475011060540466766896048124358509",
            "length": 247.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/opensearch/commit/744ca260b892d119be8164f48d92b8810bd7801c",
        "deprecated": false,
        "target": {
            "function": "createParser",
            "file": "server/src/main/java/org/opensearch/index/mapper/AbstractPointGeometryFieldMapper.java"
        }
    },
    {
        "id": "CVE-2022-41918-c5bdef0b",
        "digest": {
            "line_hashes": [
                "304839939921860648025146931493383880770",
                "114824905897582127923213642326210500463",
                "279282111741171071780837385092493668260",
                "230484571854701085785817296781336459921",
                "163031644383687259557961007999565872328",
                "210306569907450714725336597611909073798",
                "322967534684329559786359980029194356725",
                "99764264942043381494496359371697479573",
                "266456712856741126297076607667905475792",
                "213028920204091298750111556879529391686",
                "83265420109879833198405307683372454834",
                "67429226484931028311238673280342925629",
                "91105338395687701043839099980540564837",
                "6450162401299574315445497086149522729"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/security/commit/f7cc569c9d3fa5d5432c76c854eed280d45ce6f4",
        "deprecated": false,
        "target": {
            "file": "src/test/java/org/opensearch/security/DataStreamIntegrationTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-c7031750",
        "digest": {
            "function_hash": "268258379426869773822894507879484586241",
            "length": 1569.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/anomaly-detection/commit/1bf862b9bbd72de150b62356e95b8ee6e9f11811",
        "deprecated": false,
        "target": {
            "function": "testDeserializeTRCFModel",
            "file": "src/test/java/org/opensearch/ad/ml/CheckpointDaoTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-cb02482a",
        "digest": {
            "function_hash": "56268870803881870005230508140374584424",
            "length": 1352.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "function": "testMultipleConcreteAliasedAndUnresolved",
            "file": "src/test/java/org/opensearch/security/securityconf/impl/v7/IndexPatternTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-cd4c1c66",
        "digest": {
            "line_hashes": [
                "170494040449943166722294887993724282923",
                "71503735865927709349329228653077700459",
                "38097828152124527898574682978502692851",
                "2324650910766934694111590988961238676",
                "88112275390130018182485768905379614948",
                "311019332360114647262887612165227593368",
                "217375664822843649988019698342119348462",
                "198806002937892200415775290128948927099"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/opensearch/commit/744ca260b892d119be8164f48d92b8810bd7801c",
        "deprecated": false,
        "target": {
            "file": "server/src/test/java/org/opensearch/index/mapper/GeoPointFieldMapperTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-e129fb39",
        "digest": {
            "function_hash": "42028553468816119098304692570194140072",
            "length": 2007.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/f7cc569c9d3fa5d5432c76c854eed280d45ce6f4",
        "deprecated": false,
        "target": {
            "function": "testBackingIndicesOfDataStream",
            "file": "src/test/java/org/opensearch/security/DataStreamIntegrationTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-e2f6be2f",
        "digest": {
            "function_hash": "248921983859889504221658662936103872006",
            "length": 417.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/opensearch/commit/744ca260b892d119be8164f48d92b8810bd7801c",
        "deprecated": false,
        "target": {
            "function": "testLatLonInArrayMoreThanThreeValues",
            "file": "server/src/test/java/org/opensearch/index/mapper/GeoPointFieldMapperTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-e5921c96",
        "digest": {
            "line_hashes": [
                "75923945005803513679238543808349686941",
                "215197920071175680155699009676477820184",
                "249951776961905760540647555739583814865",
                "97768805283861829065334173221268237582",
                "154707291322054563930136312590658826380"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/security/commit/bca461296d1c54f49e4d139316c855f9ca37be26",
        "deprecated": false,
        "target": {
            "file": "src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java"
        }
    },
    {
        "id": "CVE-2022-41918-e7d96ad0",
        "digest": {
            "line_hashes": [
                "74999161607339369302246486548722013515",
                "331654741017039618897214737826080373175",
                "242400699683402521130385429679470978515",
                "14288849670986151895276425634239014606",
                "48293227543804605485749147679819442287",
                "233564884399080233060973457834074608021",
                "198658597595291339366835687978977130701",
                "134069994519578208471988178467839830807",
                "14691847253493116405349887254614938751",
                "193326693561257596907395285748170354967",
                "286696334717236037067817516725650375639",
                "187446307405698346313631927133908820728",
                "275923403730748353668797899065846350830",
                "144868421321935859159718940492258168481"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/opensearch-project/anomaly-detection/commit/8e430e3b0696b3ae24a21eac953e870d935f5226",
        "deprecated": false,
        "target": {
            "file": "src/test/java/org/opensearch/ad/e2e/DetectionResultEvalutationIT.java"
        }
    },
    {
        "id": "CVE-2022-41918-e7efffae",
        "digest": {
            "function_hash": "205572322480542887554609209692216585020",
            "length": 1389.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/anomaly-detection/commit/8e430e3b0696b3ae24a21eac953e870d935f5226",
        "deprecated": false,
        "target": {
            "function": "testValidationWindowDelayRecommendation",
            "file": "src/test/java/org/opensearch/ad/e2e/DetectionResultEvalutationIT.java"
        }
    },
    {
        "id": "CVE-2022-41918-f6f85ef0",
        "digest": {
            "function_hash": "294108489770333174010132037324844163732",
            "length": 1027.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/security/commit/f7cc569c9d3fa5d5432c76c854eed280d45ce6f4",
        "deprecated": false,
        "target": {
            "function": "getResolvedIndexPattern",
            "file": "src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java"
        }
    },
    {
        "id": "CVE-2022-41918-fe41aeee",
        "digest": {
            "function_hash": "328781368053030034306533204129282601972",
            "length": 671.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/anomaly-detection/commit/1bf862b9bbd72de150b62356e95b8ee6e9f11811",
        "deprecated": false,
        "target": {
            "function": "testDeserializeRCFModelPostINIT",
            "file": "src/test/java/org/opensearch/ad/ml/CheckpointDaoTests.java"
        }
    },
    {
        "id": "CVE-2022-41918-ff70d01f",
        "digest": {
            "function_hash": "40675771172524671681349395243778069239",
            "length": 998.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/opensearch-project/opensearch/commit/744ca260b892d119be8164f48d92b8810bd7801c",
        "deprecated": false,
        "target": {
            "function": "parse",
            "file": "server/src/main/java/org/opensearch/index/mapper/AbstractPointGeometryFieldMapper.java"
        }
    }
]