Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Amazon Subscribe
Filtered by product Opensearch Security
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25806 1 Amazon 2 Opensearch, Opensearch Security 2023-03-09 N/A 5.3 MEDIUM
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.