Authentication mechanism absence or evasion in org.opensearch.plugin:opensearch-security
OpenSearch vulnerable to improper authorization for Rollover Requests
Description
A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user with rollover permissions on a source index to create a new index with a name they are not authorized to use.
Impact
A user with indices:admin/rollover permission on a source index pattern could roll over to a target index name outside their authorized index patterns. This is limited to index creation via the rollover API and requires the user to already have rollover privileges on the source index.
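As an added illustration (not code from the OpenSearch Security plugin), the following Python models the authorization difference described above: the flawed resolver evaluates only the source index, while the fixed one also evaluates an explicitly named target index. The role structure, glob-style pattern matching and request shape are simplifications assumed here.

```python
import fnmatch
from dataclasses import dataclass

ROLLOVER = "indices:admin/rollover"


@dataclass
class Role:
    """Simplified role: index patterns and the actions granted on them (assumption)."""
    index_patterns: list
    allowed_actions: list


def is_permitted(action: str, index: str, roles: list) -> bool:
    """True if some role grants `action` on a pattern matching `index`."""
    return any(
        action in role.allowed_actions
        and any(fnmatch.fnmatchcase(index, p) for p in role.index_patterns)
        for role in roles
    )


def resolve_flawed(request: dict) -> list:
    """Pre-fix behaviour: only the source alias/index is checked; an explicit
    target index name in the request never reaches the permission evaluation."""
    return [request["source"]]


def resolve_fixed(request: dict) -> list:
    """Fixed behaviour: every index the rollover touches is checked,
    including an explicitly named target index."""
    indices = [request["source"]]
    if request.get("target"):
        indices.append(request["target"])
    return indices


def authorize_rollover(request: dict, roles: list, resolver) -> bool:
    """Authorize a rollover by requiring ROLLOVER on each resolved index."""
    return all(is_permitted(ROLLOVER, idx, roles) for idx in resolver(request))


# Constructed sample role: may roll over only logs-* indices.
LOGS_ROLE = [Role(index_patterns=["logs-*"], allowed_actions=[ROLLOVER])]
# Constructed requests, in the shape of POST /<source>/_rollover/<target>.
OUT_OF_SCOPE = {"source": "logs-write", "target": "finance-000002"}
IN_SCOPE = {"source": "logs-write", "target": "logs-000002"}

if __name__ == "__main__":
    for label, req in (("out of scope", OUT_OF_SCOPE), ("in scope", IN_SCOPE)):
        print(label, "flawed:", authorize_rollover(req, LOGS_ROLE, resolve_flawed),
              "fixed:", authorize_rollover(req, LOGS_ROLE, resolve_fixed))
```

With the flawed resolver the out-of-scope request is accepted because the target name is never examined; the fixed resolver rejects it while still allowing targets within the role's patterns.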
Patches
This issue is fixed in OpenSearch 2.19.4 and 3.2.0.
Workarounds
Grant the indices:admin/rollover permission only to fully trusted users.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| maven | org.opensearch.plugin:opensearch-security | | 2.19.4.0, 3.2.0.0 |