CVE-2023-25806

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-25806

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25806.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-25806

Aliases

GHSA-c6wg-cm5x-rqvj

Published

2023-03-02T04:15:10Z

Modified

2024-09-03T04:26:25.444261Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.

References

https://github.com/opensearch-project/security/security/advisories/GHSA-c6wg-cm5x-rqvj

Affected packages

Git / github.com/opensearch-project/anomaly-detection

Affected ranges

Type: GIT
Repo: https://github.com/opensearch-project/anomaly-detection
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

88a3f2b85ce2bcf4ced144d42f5bf96111b82743

Type: GIT
Repo: https://github.com/opensearch-project/opensearch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

64d2aa341cf591dd20ab3966792e564a467fdcf7

Type: GIT
Repo: https://github.com/opensearch-project/security
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0004aba21d56ff62ea2f445758b51fd21f431e63

Affected versions

Other

(None)

1.*

1.0.0-alpha1

1.0.0-alpha2

1.0.0-beta1

1.0.0.0

1.0.0.0-beta1

1.0.0.0-rc1

1.1.0.0

1.3.0

1.3.0.0

1.3.1

1.3.1.0

1.3.2

1.3.2.0

1.3.3

1.3.3.0

1.3.4

1.3.4.0

1.3.5

1.3.5.0

1.3.6

1.3.6.0

1.3.7

1.3.7.0

1.3.8

1.3.8.0

v0.*

v0.7.0.0

v0.7.0.1

v0.8.0.0

v0.9.0.0

v1.*

v1.0.0.0

v1.0.0.0-beta1

v1.0.0.0-beta1-rc1

v1.0.0.0-beta1-rc2

v1.0.0.0-beta1-rc3

v1.0.0.0-rc1

v1.0.1.0-OS-rc1

v1.1.0.0

v1.10.0.0

v1.10.0.0-rc1

v1.10.1.0

v1.10.1.0-rc1

v1.10.1.0-rc2

v1.11.0.0

v1.11.0.0-rc1

v1.12.0.0

v1.12.0.0-rc

v1.13.0.0

v1.13.0.0-rc1

v1.13.0.0-rc2

v1.13.0.0-rc3

v1.13.0.0-rc4

v1.13.1.0

v1.13.1.0-rc1

v1.13.1.0-rc2

v1.2.1-alpha

v1.3.0.0

v1.4.0.0

v1.5.0.0

v1.5.0.1

v1.6.0.0

v1.7.0.0

v1.8.0.0

v1.9.0.0

v1.9.0.0-rc1

v1.9.0.0-rc2

v1.9.0.1