VDB

CVE-2023-23612

CVE-2023-23612 · PUBLISHED · CVSS 4.7 MEDIUM

OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and trailing whitespace is trimmed, allowing users to potentially claim roles they are not assigned to if any role matches the whitespace-stripped version of the roles they are a member of. This issue is only present for authenticated users, and it requires either the existence of roles that match, not considering leading/trailing whitespace, or the ability for users to create said matching roles. In addition, the Identity Provider must allow leading and trailing spaces in role names. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. There are no known workarounds for this issue.
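The trimming behaviour described above can be modelled in a few lines, together with an audit check for role names that differ only by surrounding whitespace. This is an added example, not OpenSearch code; the function names and the role lists are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (assumptions, not taken from any real deployment).
IDP_ROLES = ["admin", " admin", "readall ", "kibana_user"]   # names the IdP can issue
CLUSTER_ROLES = ["admin", "readall", "kibana_user"]          # names the cluster maps


def roles_after_trim(claim_roles):
    """Model of the affected behaviour: every role claim is whitespace-trimmed."""
    return {r.strip() for r in claim_roles}


def roles_exact(claim_roles):
    """Model of strict handling: role claims are compared byte for byte."""
    return set(claim_roles)


def unearned_roles(claim_roles, cluster_roles):
    """Roles a token resolves to only because of trimming."""
    known = set(cluster_roles)
    return (roles_after_trim(claim_roles) & known) - (roles_exact(claim_roles) & known)


def trim_collisions(idp_roles, cluster_roles):
    """Audit check: IdP role names that match a cluster role only after trimming.

    Returns {cluster_role: [idp names with leading/trailing whitespace]}.
    """
    known = set(cluster_roles)
    hits = defaultdict(list)
    for name in idp_roles:
        trimmed = name.strip()
        if trimmed != name and trimmed in known:
            hits[trimmed].append(name)
    return {role: sorted(names) for role, names in hits.items()}


if __name__ == "__main__":
    token_roles = [" admin", "kibana_user"]   # constructed claim set
    print("resolved only via trimming:", unearned_roles(token_roles, CLUSTER_ROLES))
    for role, names in trim_collisions(IDP_ROLES, CLUSTER_ROLES).items():
        print(f"review IdP role(s) {names!r}: collide with cluster role {role!r}")
```

An empty result from `trim_collisions` over the real IdP and cluster role lists means the matching-role precondition in the advisory is not currently met; upgrading to 1.3.8 or 2.5.0 remains the fix.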

EPSS 0.19% · 40.4th percentile

Risk Scores

CVSS v3.1: 4.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.19% · 40.4th percentile

Affected Products

Vendor              Product                                      Versions
Maven               org.opensearch.plugin:opensearch-security    0, 2.0.0, 2.0.0
amazon              opensearch                                   2.0.0, 1.0.0, 1.0.0
opensearch-project  security                                     *, >= 2.0.0, < 2.5.0

Timeline

  • Jan 24, 2023 CVE Published
  • Jan 25, 2023 EPSS Score
  • Mar 6, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 16, 2023 EPSS Score
  • May 26, 2023 EPSS Score
  • Jul 5, 2023 EPSS Score
  • Aug 15, 2023 EPSS Score
  • Sep 24, 2023 EPSS Score
  • Nov 3, 2023 EPSS Score
  • Dec 13, 2023 EPSS Score
  • Jan 23, 2024 EPSS Score