cvedb.io
CVE-2023-25806
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2023-03-02T04:15:10.987 · Last modified 2026-06-17T05:42:01.667

Summary

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the provided user exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0; there are no workarounds.

Affected products

amazon — opensearch



This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.