Lookup for vulnerable packages by Package URL.
| Purl | pkg:maven/org.opensearch.plugin/opensearch-security@2.4.0 |
|---|
| Type | maven |
|---|
| Namespace | org.opensearch.plugin |
|---|
| Name | opensearch-security |
|---|
| Version | 2.4.0 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 1.3.7 |
|---|
| Latest_non_vulnerable_version | 2.11.0.0 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-2mte-5ys1-ekbc |
| vulnerability_id |
VCID-2mte-5ys1-ekbc |
| summary |
Incorrect Authorization
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-41918, GHSA-wmx7-x4jp-9jgg
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2mte-5ys1-ekbc |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:maven/org.opensearch.plugin/opensearch-security@2.4.0 |
|---|