Home > Vulnerability Database > CVE-2023-45807

Mend.io Vulnerability Database

CVE-2023-45807

Good to know:

Date: October 16, 2023

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue does not affect index data, only metadata. Dashboards correctly enforces read-only permissions when indexing and updating documents. This issue does not provide additional read access to data users don’t already have. This issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue.

Language: Java

Severity Score

5.4

Related Resources (3)

Url: https://github.com/opensearch-project/security/security/advisories/GHSA-72q2-gwwf-6hrv

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45807

Url: https://www.mend.io/vulnerability-database/CVE-2023-45807

Severity Score

5.4

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

Top Fix

Upgrade Version

Upgrade to version 1.3.14.0, 2.11.0.0

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45807

Good to know:

Date: October 16, 2023

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?