pkg:maven/org.opensearch.plugin/opensearch-security
Type
maven
Namespace
org.opensearch.plugin
Name
opensearch-security
Known advisories, vulnerabilities and fixes for org.opensearch.plugin/opensearch-security package.
High
2
Moderate
4
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 1.3.14.0 >= 2.0.0.0, < 2.11.0.0 |
CVE-2023-45807
|
 MAVEN:GHSA-72Q2-GWWF-6HRV
|
OpenSearch Issue with tenant read-only permissions | moderate |
2023-10-17T14:25:36
(11 months ago) |
|
| Fixed | = 1.3.14.0 = 2.11.0.0 |
CVE-2023-45807
|
MAVEN:GHSA-72Q2-GWWF-6HRV
|
OpenSearch Issue with tenant read-only permissions | moderate |
2023-10-17T14:25:36
(11 months ago) |
|
| Affected | >= 2.0.0.0, < 2.11.0.0 < 1.3.14.0 |
MAVEN:GHSA-8WX3-324G-W4QQ
|
OpenSearch uncontrolled resource consumption | high |
2023-10-17T14:24:48
(11 months ago) |
||
| Fixed | = 2.11.0.0 = 1.3.14.0 |
MAVEN:GHSA-8WX3-324G-W4QQ
|
OpenSearch uncontrolled resource consumption | high |
2023-10-17T14:24:48
(11 months ago) |
||
| Affected | >= 2.0.0, < 2.6.0 < 1.3.9 |
CVE-2023-25806
|
MAVEN:GHSA-C6WG-CM5X-RQVJ
|
OpenSearch has time discrepancy in authentication responses | moderate |
2023-03-07T17:38:38
(18 months ago) |
|
| Fixed | = 2.6.0 = 1.3.9 |
CVE-2023-25806
|
MAVEN:GHSA-C6WG-CM5X-RQVJ
|
OpenSearch has time discrepancy in authentication responses | moderate |
2023-03-07T17:38:38
(18 months ago) |
|
| Affected | >= 2.0.0.0, <= 2.1.0.0 |
CVE-2022-35980
|
MAVEN:GHSA-F4QR-F4XX-HJXW
|
OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information | high |
2022-08-12T17:31:58
(2 years ago) |
|
| Fixed | = 2.2.0.0 |
CVE-2022-35980
|
MAVEN:GHSA-F4QR-F4XX-HJXW
|
OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information | high |
2022-08-12T17:31:58
(2 years ago) |
|
| Affected | >= 2.0.0, < 2.7.0.0 >= 1.0.0, < 1.3.10.0 |
CVE-2023-31141
|
MAVEN:GHSA-G8XC-6MF7-H28H
|
OpenSearch issue with fine-grained access control during extremely rare race conditions | moderate |
2023-05-09T21:25:06
(16 months ago) |
|
| Fixed | = 2.7.0.0 = 1.3.10.0 |
CVE-2023-31141
|
MAVEN:GHSA-G8XC-6MF7-H28H
|
OpenSearch issue with fine-grained access control during extremely rare race conditions | moderate |
2023-05-09T21:25:06
(16 months ago) |
|
| Affected | >= 2.0.0, < 2.4.0 < 1.3.7 |
CVE-2022-41918
|
MAVEN:GHSA-WMX7-X4JP-9JGG
|
OpenSearch has issue with fine-grained access control of indices backing data streams | moderate |
2023-03-07T20:04:42
(18 months ago) |
|
| Fixed | = 2.4.0 = 1.3.7 |
CVE-2022-41918
|
MAVEN:GHSA-WMX7-X4JP-9JGG
|
OpenSearch has issue with fine-grained access control of indices backing data streams | moderate |
2023-03-07T20:04:42
(18 months ago) |