#VU101750 Improper Authentication in OpenSearch - CVE-2023-23612

Cybersecurity Help s.r.o.

Published: 2024-12-12

Vulnerability identifier: #VU101750

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-23612

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSearch
Other software / Other software solutions

Vendor: OpenSearch

Description

The vulnerability allows a remote privileged user to bypass authentication process.

The vulnerability exists due to a flaw in with whitespace in JWT roles. A remote privileged user can bypass authentication process and gain unauthorized access to the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSearch: before 1.3.8

External links
https://github.com/opensearch-project/OpenSearch/releases/tag/2.5.0
https://github.com/opensearch-project/security/security/advisories/GHSA-864v-6qj7-62qj

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Cognos Dashboards on Cloud Pak for Data

Improper authentication in OpenSearch