How severe is CVE-2023-45807?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-45807?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2023-45807 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue does not affect index data, only metadata. Dashboards correctly enforces read-only permissions when indexing and updating documents. This issue does not provide additional read access to data users don’t already have. This issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue.

Related Vulnerabilities

CVE-2021-21379

MEDIUM

CVSS:5.4(Medium)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with th...

CWE-2812021

CVE-2023-49932

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.

CWE-2812023

CVE-2024-22402

MEDIUM

CVSS:5.4(Medium)

Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to...

CWE-2812024

CVE-2025-21541

MEDIUM

CVSS:5.4(Medium)

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerabil...

CWE-2812025

CVE-2025-21544

MEDIUM

CVSS:5.4(Medium)

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7...

CWE-2812025

CVE-2020-16910

MEDIUM

CVSS:5.5(Medium)

<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firm...

CWE-2812020