Amazon Opensearch Security
By the Year
In 2024 there have been 0 vulnerabilities in Amazon Opensearch Security . Last year Opensearch Security had 2 security vulnerabilities published. Right now, Opensearch Security is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 5.60 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Opensearch Security vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Amazon Opensearch Security Security Vulnerabilities
OpenSearch is open-source software suite for search, analytics, and observability applications
CVE-2023-31141
5.9 - Medium
- May 08, 2023
OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue.
AuthZ
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization
CVE-2023-25806
5.3 - Medium
- March 02, 2023
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.
Side Channel Attack
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Amazon Opensearch Security or by Amazon? Click the Watch button to subscribe.
