org.opensearch.plugin:opensearch-security (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.opensearch.plugin:opensearch-security, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2022-35980 — CVSS 7.5 (high): OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of…
CVE-2022-41918 — CVSS 6.3 (medium): OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained…
CVE-2023-23613 — CVSS 5.7 (medium): OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of…
CVE-2023-45807 — CVSS 5.4 (medium): OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an…
CVE-2023-25806 — CVSS 5.3 (medium): OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy…
CVE-2023-31141 — CVSS 4.8 (medium): OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there…
CVE-2023-23612 — CVSS 4.7 (medium): OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity…