How severe is CVE-2022-41918?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2022-41918?

This is classified as CWE-612, which is a common weakness in software security.

CVE-2022-41918 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2023-4560

MEDIUM

CVSS:6.5(Medium)

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.

CWE-6122023

CVE-2024-49071

MEDIUM

CVSS:6.5(Medium)

Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.

CWE-6122024

CVE-2022-35980

HIGH

CVSS:7.5(High)

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure v...

CWE-6122022

CVE-2024-25635

HIGH

CVSS:8.8(High)

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26...

CWE-6122024

CVE-2022-35980

HIGH

CVSS:7.5(High)

CWE-6122022

CVE-2023-4560

MEDIUM

CVSS:6.5(Medium)

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.

CWE-6122023