OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-11-15T00:00:00
Updated: 2024-08-03T12:56:38.553Z
Reserved: 2022-09-30T00:00:00
Link: CVE-2022-41918
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-15T23:15:28.283
Modified: 2024-11-21T07:24:03.990
Link: CVE-2022-41918
Redhat
No data.