Amazon Opensearch Security
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Amazon Opensearch Security.
By the Year
In 2026 there have been 0 vulnerabilities in Amazon Opensearch Security. Opensearch Security did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 5.60 |
It may take a day or so for new Opensearch Security vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Amazon Opensearch Security Security Vulnerabilities
OpenSearch 1.3/2.7 racecondition in finegrained ACL leads to auth bypass
CVE-2023-31141
5.9 - Medium
- May 08, 2023
OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue.
AuthZ
OpenSearch Security 1.3.9/2.6.0 Timing Attack in Internal IdP
CVE-2023-25806
5.3 - Medium
- March 02, 2023
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.
Side Channel Attack
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Amazon Opensearch Security or by Amazon? Click the Watch button to subscribe.
