CVE-2023-31141

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-31141

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31141.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-31141

Aliases

GHSA-g8xc-6mf7-h28h

Related

UBUNTU-CVE-2023-31141

Published

2023-05-08T21:15:11Z

Modified

2024-09-03T04:31:38.286887Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue.

References

https://github.com/opensearch-project/security/security/advisories/GHSA-g8xc-6mf7-h28h

Affected packages

Git / github.com/opensearch-project/anomaly-detection

Affected ranges

Type: GIT
Repo: https://github.com/opensearch-project/anomaly-detection
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ecb2f8c157edf73ef655fc5c3f6791cc012db992

Type: GIT
Repo: https://github.com/opensearch-project/opensearch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b2150b9f6f6c8a15059ef415d3e24bdedd3e253c

Type: GIT
Repo: https://github.com/opensearch-project/security
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

87c8e468f4c47bea0a140b52e39197aef4ff45ba

Affected versions

Other

(None)

1.*

1.0.0-alpha1

1.0.0-alpha2

1.0.0-beta1

1.0.0.0

1.0.0.0-beta1

1.0.0.0-rc1

1.1.0.0

1.3.0

1.3.0.0

1.3.1

1.3.1.0

1.3.2

1.3.2.0

1.3.3

1.3.3.0

1.3.4

1.3.4.0

1.3.5

1.3.5.0

1.3.6

1.3.6.0

1.3.7

1.3.7.0

1.3.8

1.3.8.0

1.3.9

1.3.9.0

v0.*

v0.7.0.0

v0.7.0.1

v0.8.0.0

v0.9.0.0

v1.*

v1.0.0.0

v1.0.0.0-beta1

v1.0.0.0-beta1-rc1

v1.0.0.0-beta1-rc2

v1.0.0.0-beta1-rc3

v1.0.0.0-rc1

v1.0.1.0-OS-rc1

v1.1.0.0

v1.10.0.0

v1.10.0.0-rc1

v1.10.1.0

v1.10.1.0-rc1

v1.10.1.0-rc2

v1.11.0.0

v1.11.0.0-rc1

v1.12.0.0

v1.12.0.0-rc

v1.13.0.0

v1.13.0.0-rc1

v1.13.0.0-rc2

v1.13.0.0-rc3

v1.13.0.0-rc4

v1.13.1.0

v1.13.1.0-rc1

v1.13.1.0-rc2

v1.2.1-alpha

v1.3.0.0

v1.4.0.0

v1.5.0.0

v1.5.0.1

v1.6.0.0

v1.7.0.0

v1.8.0.0

v1.9.0.0

v1.9.0.0-rc1

v1.9.0.0-rc2

v1.9.0.1