CVE-2023-23933

MEDIUM

OpenSearch - Info Disclosure

Title source: llm

Description

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue.

References (1)

[Third Party Advisory] https://github.com/opensearch-project/anomaly-detection/security/advisories/GHSA-47qw-jwpx-pp4c

Scores

CVSS v3 4.3

EPSS 0.0034

EPSS Percentile 56.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-125

Status published

Affected Products (1)

amazon/opensearch < 1.3.8

Timeline

Published Feb 03, 2023

Tracked Since Feb 18, 2026