OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue in the implementation of fine-grained access control rules (document-level security, field-level security, and field masking): during extremely rare race conditions, the rules are not correctly applied to queries, potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance at exactly the moment query cache eviction happens, which occurs once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue.
{
"cna_assigner": "GitHub_M",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31141.json",
"cwe_ids": [
"CWE-863"
]
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-31141.json"
[
{
"signature_version": "v1",
"id": "CVE-2023-31141-1c641e4a",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "5756378763277159257205971695528604029",
"length": 502.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "testCreateSearchableSnapshotWithChunks"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-1daf3c4c",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"threshold": 0.9,
"line_hashes": [
"129345768623793259266581369174869673798",
"89999102824515399516675583476455393301",
"72693493658590992470198837322419552840",
"243916979723486310843887582020561225069",
"264622679832315348253592428824051832638",
"320350971627914456427545839178965862598",
"71601822759165976677111355562125051195",
"143138293465087258069458622803455587748",
"93613827757483070939253005060992076929",
"22572647976082339780758341726535533677"
]
},
"target": {
"file": "server/src/main/java/org/opensearch/snapshots/RestoreService.java"
},
"signature_type": "Line",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-221c0f0a",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"threshold": 0.9,
"line_hashes": [
"5537734376540317134902033736443228727",
"329061080066321160016350746737862042012",
"321586057311454449027382334726888387438",
"60431921887807127021006404746410778737",
"68640858005384046770946259356730527459",
"40781488850710964261369272336597166709",
"41357547087551300326682916144572924559",
"309639019977927704009612861706310383626",
"280738283385407749760931075581949639467",
"152537579802095273639967685204083527978",
"167553843332366943677595486464680391802",
"240454360840683495484225810597223627830",
"147942876082226720442454683561508111285",
"93616384115284419588438714978910444113",
"91764857755843068008643274053595539100",
"218101864245954947596865560572353656423",
"257821147292341696170875607101941147170",
"66634359107753057006622950191561567980",
"221091191949559080450444570409169819905",
"23850208137776968404468957359716455783",
"91971071479757684705057157100456396543",
"230201864400808686334228685923381961766",
"293625797013541445149649828980081191242",
"294735000743361363074902539345938993082",
"4094911234083469120152350925538244550",
"77323350577058743959528422114375846964",
"171756876794521415889230874306627043881",
"132321416409465875965323829784566876576",
"21460688664191757001884477957438508236",
"334004439530129367407968458352921565093",
"41799671065480603749759733104417315066",
"66944213276135418363024191416454001075",
"76996323551308488512483210748480195085",
"79331908283117865137779441762894402425",
"231944283076385786883703402214755605281",
"4094911234083469120152350925538244550",
"99396752511777204876084915527398074008",
"84034710944016524823634025217551009923",
"226478331752963361844042885260490524914",
"91971071479757684705057157100456396543",
"230201864400808686334228685923381961766",
"328377635328191794676393202224008751541",
"67145472847313052181625230441259678936",
"120402068203863197252611586589897840598",
"51423638216787440122085314918556572278",
"142782825516785082551407033498795425086",
"39769244533898056062149531758237380205",
"66634359107753057006622950191561567980",
"308320966324857995200026584324466920",
"13027510379768748075490516674910945577",
"329223139793143768867870110256350020832"
]
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java"
},
"signature_type": "Line",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-3a0181a7",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "241655463586225443691616481490424290883",
"length": 769.0
},
"target": {
"file": "server/src/main/java/org/opensearch/snapshots/RestoreService.java",
"function": "addSnapshotToIndexSettings"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-5634756b",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "252123002699142891325222165294949048694",
"length": 491.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "testPruneFileCacheOnIndexDeletion"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-59fdd779",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "191065210629172186704534320634584844054",
"length": 766.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "testCreateSearchableSnapshot"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-83b394da",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "338186898508621988859801994332743189126",
"length": 362.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "createIndexWithDocsAndEnsureGreen"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-8f22830e",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "241632196872913397165412081873104285228",
"length": 996.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "testSearchableSnapshotAllocationForFailoverAndRecovery"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-a96c93c2",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "233539456361273365804340278249661131593",
"length": 470.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "testSearchableSnapshotAllocationForLocalAndRemoteShardsOnSameNode"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-ae127692",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "223579872837145656522378004559238852615",
"length": 689.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "testCacheIndexFilesClearedOnDelete"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-e88a4cc6",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "231184595991442635606770355241252897189",
"length": 696.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "testSearchableSnapshotIndexIsReadOnly"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-f67763df",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "340169360497078216629455203831094308234",
"length": 1238.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "testFileCacheRestore"
},
"signature_type": "Function",
"deprecated": false
},
{
"signature_version": "v1",
"id": "CVE-2023-31141-f782346e",
"source": "https://github.com/opensearch-project/opensearch/commit/b7a6e09e492b1e965d827525f7863b366ef0e304",
"digest": {
"function_hash": "133825621670563839916428222488976856314",
"length": 471.0
},
"target": {
"file": "server/src/internalClusterTest/java/org/opensearch/snapshots/SearchableSnapshotIT.java",
"function": "testUpdateIndexSettings"
},
"signature_type": "Function",
"deprecated": false
}
]