Количество 4
Количество 4
CVE-2023-25806
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.
GHSA-c6wg-cm5x-rqvj
OpenSearch has time discrepancy in authentication responses
BDU:2025-04194
Уязвимость программного пакета OpenSearch, связанная с раскрытием информации через несоответствие, позволяющая нарушителю оказать воздействие на целостность данных
ROS-20250403-11
Уязвимость opensearch
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-25806 OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds. | CVSS3: 5.3 | 0% Низкий | почти 3 года назад |
| GHSA-c6wg-cm5x-rqvj OpenSearch has time discrepancy in authentication responses | CVSS3: 5.3 | 0% Низкий | почти 3 года назад |
 | BDU:2025-04194 Уязвимость программного пакета OpenSearch, связанная с раскрытием информации через несоответствие, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 5.3 | 0% Низкий | почти 3 года назад |
 | ROS-20250403-11 Уязвимость opensearch | CVSS3: 5.3 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу