[BUG] PATCH method for the internal user REST API does not validate security roles

opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields

https://opensearch.org/docs/latest/security-plugin/index/

Apache License 2.0

181 stars 264 forks source link

[BUG] PATCH method for the internal user REST API does not validate security roles #4514

Open willyborankin opened 3 days ago

willyborankin commented 3 days ago

What is the bug? The PATCH method for the internal user REST API does not validate security roles

What is the expected behavior? A clear and concise description of what you expected to happen.

What is your host/environment?

OS: [e.g. iOS]
Version [e.g. 22]
Plugins

Do you have any screenshots? If applicable, add screenshots to help explain your problem.

Do you have any additional context? Add any other context about the problem.