CVE-2023-25806

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-208
View all →

Vulnerability Description

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.

Related Vulnerabilities

CVE-2014-125055

MEDIUM
CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing di...

CWE-2082014

CVE-2014-125056

MEDIUM
CVSS:5.3(Medium)

A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to obser...

CWE-2082014

CVE-2016-15015

MEDIUM
CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulatio...

CWE-2082016

CVE-2022-20752

MEDIUM
CVSS:5.3(Medium)

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauth...

CWE-2082022

CVE-2022-42288

MEDIUM
CVSS:5.3(Medium)

NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.

CWE-2082022

CVE-2023-1538

MEDIUM
CVSS:5.3(Medium)

Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.

CWE-2082023