Opensearch-project Security
7 CVEs affecting Opensearch-project Security. Latest disclosed: 2023-10-16. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-35980 | High | 7.5 | 2022-08-12 | OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin ar… |
CVE-2022-41918 | Medium | 6.3 | 2022-11-15 | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules… |
CVE-2023-23613 | Medium | 5.7 | 2023-01-24 | OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS)… |
CVE-2023-45807 | Medium | 5.4 | 2023-10-16 | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implement… |
CVE-2023-25806 | Medium | 5.3 | 2023-03-02 | OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authenticati… |
CVE-2023-31141 | Medium | 4.8 | 2023-05-08 | OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the… |
CVE-2023-23612 | Medium | 4.7 | 2023-01-24 | OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when th… |