OpenSearch is a community-driven, open-source fork of Elasticsearch and Kibana, created after the license change in early 2021. The implementation of tenant permissions in OpenSearch Dashboards has a flaw: authenticated users with read-only access to a tenant can perform create, edit and delete operations on the index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue affects only metadata, not index data; Dashboards correctly enforces read-only permissions when indexing and updating documents. It also does not give users read access to any data they don't already have. The issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-281"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45807.json"
}[
{
"signature_type": "Function",
"digest": {
"length": 2331.0,
"function_hash": "288181310925633561033735279958826060735"
},
"signature_version": "v1",
"target": {
"function": "setUp",
"file": "src/test/java/org/opensearch/ad/task/ADTaskManagerTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-03f3b637",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"333996678324015675617161920420449571461",
"153555612291262169352905220100440524026",
"52062222200532340097109985883072310725",
"217351852558141745404403315993222094578",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"179795208446852643417699349056571582328",
"187847704125532906128771856836968743331",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"179795208446852643417699349056571582328",
"187847704125532906128771856836968743331",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"179795208446852643417699349056571582328",
"281060547353243176855799939191729996689",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"179795208446852643417699349056571582328",
"187847704125532906128771856836968743331"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/test/java/org/opensearch/ad/transport/RCFResultTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-19238a13",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 682.0,
"function_hash": "309963227529355495416654166019605423252"
},
"signature_version": "v1",
"target": {
"function": "testExecutionException",
"file": "src/test/java/org/opensearch/ad/transport/ThresholdResultTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-27cf1585",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1219.0,
"function_hash": "17997600880129736856127707455951335468"
},
"signature_version": "v1",
"target": {
"function": "testNormal",
"file": "src/test/java/org/opensearch/ad/transport/RCFResultTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-2b45a041",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"161581255517254264073020651302371514418",
"187589679258909565612086379596573586023",
"105472867667885914664125726658343170378",
"92712543452781819372490871867923346076",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"167997536215888607738961167327497136492",
"205986284713300330604193009832362290836"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/test/java/org/opensearch/ad/transport/SearchAnomalyResultActionTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-3591ceea",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"104605924657674808679136739029096162531",
"180845291328447294658500416547736859973",
"112697516184517051373445502897368918510",
"279808369467878619285592421526600053407",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"262616950629359010955840131326966664699",
"196077767561096403145694433605890764640"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/test/java/org/opensearch/ad/transport/RCFPollingTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-3bd41dfe",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1859.0,
"function_hash": "10553152627369675182477754429505855621"
},
"signature_version": "v1",
"target": {
"function": "FakeNode",
"file": "src/test/java/test/org/opensearch/ad/util/FakeNode.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-441232cc",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"265233373700197892963761376907474942457",
"186701399694650115019653487490356721670",
"65399504259015363303705679132483859194",
"127161880035784289614159593233038320930",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"337523850815275435729026510420840599449",
"23845421331237174201629539667726356478"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/test/java/org/opensearch/ad/transport/GetAnomalyDetectorTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-51a96b31",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"321256979768153549597873954857962188487",
"145462734876194645811388456582274691038",
"180128804504834460673029955392939687558",
"152846892935217957499507813516417304166",
"46933127910732727345639156376620224185",
"322409150013087227568052281620816468753",
"277174549726087498191327557568103953323",
"178539414147780001284749286697843486912",
"183330256464331962223954539801848542497"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/test/java/org/opensearch/ad/task/ADTaskManagerTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-5ea8b200",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1040.0,
"function_hash": "235594296241484171672137549389732608113"
},
"signature_version": "v1",
"target": {
"function": "testCircuitBreaker",
"file": "src/test/java/org/opensearch/ad/transport/RCFResultTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-75f3a520",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 863.0,
"function_hash": "155669370206510552391194362872974245079"
},
"signature_version": "v1",
"target": {
"function": "testNormal",
"file": "src/test/java/org/opensearch/ad/transport/ThresholdResultTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-76a98810",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"8095145409243409910600206247964196784",
"293136690647673174613454669017928537917",
"207685240341991285098554737002679172554",
"116705696446189491390865277006182336647",
"211230078215868241697465647538112984175",
"336153553747093110180895093176266924080",
"331968939237190373509898045018965229579",
"225030822699774928068590137426863845347",
"59505084763300106795229147105619980322",
"332694618164787171963420654240810518141",
"76377552482810414379033017201823976662",
"184551205936273461718776063994920592136"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/test/java/test/org/opensearch/ad/util/FakeNode.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-86abb44d",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"285799979302831289371917184607378710482",
"335235499464860902148926167207784414546",
"10781989488246072038525752312641807146",
"17516790897966618228654301307818775926",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"167997536215888607738961167327497136492",
"100623987748559531335444920032242084570"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/test/java/org/opensearch/ad/transport/DeleteAnomalyDetectorTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-937025f7",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"104605924657674808679136739029096162531",
"180845291328447294658500416547736859973",
"112697516184517051373445502897368918510",
"279808369467878619285592421526600053407",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"267824471053211873835622987775370150276",
"312792966421883531572934331283159087494"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/test/java/org/opensearch/ad/transport/EntityProfileTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-94e52afa",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1114.0,
"function_hash": "253072627266938566002856770792108463871"
},
"signature_version": "v1",
"target": {
"function": "setUp",
"file": "src/test/java/org/opensearch/ad/transport/GetAnomalyDetectorTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-99174d6c",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"333996678324015675617161920420449571461",
"153555612291262169352905220100440524026",
"52062222200532340097109985883072310725",
"217351852558141745404403315993222094578",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"179795208446852643417699349056571582328",
"55710918247161318568209429468420467757",
"75034954358049522881520948793014215209",
"113087744324064596931360026372192605696",
"179795208446852643417699349056571582328",
"55710918247161318568209429468420467757"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/test/java/org/opensearch/ad/transport/ThresholdResultTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-a42787de",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 2165.0,
"function_hash": "244814503058125523027836422606397515317"
},
"signature_version": "v1",
"target": {
"function": "setUp",
"file": "src/test/java/org/opensearch/ad/transport/RCFPollingTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-a7b01b83",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1180.0,
"function_hash": "131011901112313846516074071855604413771"
},
"signature_version": "v1",
"target": {
"function": "testCorruptModel",
"file": "src/test/java/org/opensearch/ad/transport/RCFResultTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-d9d4919c",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1202.0,
"function_hash": "22636361709864260014401017012580671488"
},
"signature_version": "v1",
"target": {
"function": "setUp",
"file": "src/test/java/org/opensearch/ad/transport/DeleteAnomalyDetectorTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-e9afbba4",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 829.0,
"function_hash": "74966277839245807399995597971904164434"
},
"signature_version": "v1",
"target": {
"function": "testExecutionException",
"file": "src/test/java/org/opensearch/ad/transport/RCFResultTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-f89463d2",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1192.0,
"function_hash": "333361801100409473193512450750583565987"
},
"signature_version": "v1",
"target": {
"function": "setUp",
"file": "src/test/java/org/opensearch/ad/transport/SearchAnomalyResultActionTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-fecb15f7",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 2961.0,
"function_hash": "228459691868388980464096045317788908525"
},
"signature_version": "v1",
"target": {
"function": "setUp",
"file": "src/test/java/org/opensearch/ad/transport/EntityProfileTests.java"
},
"source": "https://github.com/opensearch-project/anomaly-detection/commit/35d476461feba246a2eea705e75d99553b495d0c",
"id": "CVE-2023-45807-ff55b35f",
"deprecated": false
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45807.json"
[
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"196722047004908126995486175386035642591",
"12927933987846580167839279080665571247",
"319355490354213550454750291265459417140",
"9465131887050194559200850585175892498"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java"
},
"source": "https://github.com/opensearch-project/security/commit/bc03bd4746e3b1e23dec8d615d70e1d841cb6dc1",
"id": "CVE-2023-45807-16f40582",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 458.0,
"function_hash": "88514984412699937588195388764958323995"
},
"signature_version": "v1",
"target": {
"function": "shouldImpersonateUser_negativeJean",
"file": "src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java"
},
"source": "https://github.com/opensearch-project/security/commit/bc03bd4746e3b1e23dec8d615d70e1d841cb6dc1",
"id": "CVE-2023-45807-261e08b0",
"deprecated": false
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45807.json"