Skip to main content

Opensearch CVE-2023-23612

HIGH
Improper Authentication (CWE-287)
2023-01-26 security-advisories@github.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 26, 2023 - 21:18 nvd
HIGH 8.8

DescriptionNVD

OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and trailing whitespace is trimmed, allowing users to potentially claim roles they are not assigned to if any role matches the whitespace-stripped version of the roles they are a member of. This issue is only present for authenticated users, and it requires either the existence of roles that match, not considering leading/trailing whitespace, or the ability for users to create said matching roles. In addition, the Identity Provider must allow leading and trailing spaces in role names. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. There are no known workarounds for this issue.

AnalysisAI

OpenSearch is an open source distributed and RESTful search engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and trailing whitespace is trimmed, allowing users to potentially claim roles they are not assigned to if any role matches the whitespace-stripped version of the roles they are a member of. This issue is only present for authenticated users, and it requires either the existence of roles that match, not considering leading/trailing whitespace, or the ability for users to create said matching roles. In addition, the Identity Provider must allow leading and trailing spaces in role names. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. There are no known workarounds for this issue. Affected products include: Amazon Opensearch.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2022-31115 HIGH POC
8.8 Jun 30

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. Rated high severity (CVSS 8.8), this vuln

CVE-2025-9624 HIGH POC
8.3 Nov 25

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string input

CVE-2022-35980 HIGH
7.5 Aug 12

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Rated high seve

CVE-2023-23613 MEDIUM
6.5 Jan 26

OpenSearch is an open source distributed and RESTful search engine. Rated medium severity (CVSS 6.5), this vulnerability

CVE-2022-41918 MEDIUM
6.3 Nov 15

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. Rated medium severity (CVSS 6.3), this v

CVE-2023-31141 MEDIUM
5.9 May 08

OpenSearch is open-source software suite for search, analytics, and observability applications. Rated medium severity (C

CVE-2023-45807 MEDIUM
5.4 Oct 16

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 202

CVE-2023-25806 MEDIUM
5.3 Mar 02

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Rated medium se

CVE-2023-23933 MEDIUM
4.3 Feb 03

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. Rated medium severity (CVSS

CVE-2022-41917 MEDIUM
4.3 Nov 16

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. Rated medium severity (CVSS 4.3), this v

Share

CVE-2023-23612 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy