Количество 4
Количество 4
CVE-2023-25806
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.
ROS-20250403-11
Уязвимость opensearch
GHSA-c6wg-cm5x-rqvj
OpenSearch has time discrepancy in authentication responses
BDU:2025-04194
Уязвимость программного пакета OpenSearch, связанная с раскрытием информации через несоответствие, позволяющая нарушителю оказать воздействие на целостность данных
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-25806 OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds. | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад |
 | ROS-20250403-11 Уязвимость opensearch | CVSS3: 5.3 | 0% Низкий | 3 месяца назад |
| GHSA-c6wg-cm5x-rqvj OpenSearch has time discrepancy in authentication responses | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад |
 | BDU:2025-04194 Уязвимость программного пакета OpenSearch, связанная с раскрытием информации через несоответствие, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу