How severe is CVE-2023-31141?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-31141?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2023-31141 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue.

Related Vulnerabilities

CVE-2019-25017

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, th...

CWE-8632019

CVE-2021-27195

MEDIUM

CVSS:5.9(Medium)

Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic.

CWE-8632021

CVE-2023-39363

CRITICAL

CVSS:5.9(Medium)

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named...

CWE-8632023

CVE-2023-46753

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.

CWE-8632023

CVE-2024-34701

MEDIUM

CVSS:5.9(Medium)

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki i...

CWE-8632024

CVE-2018-15468

MEDIUM

CVSS:6.0(Medium)

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtual...

CWE-8632018