Browse all 16 CVE security advisories affecting opensearch-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenSearch serves as a distributed search and analytics engine for log management, monitoring, and observability use cases. Historically, the project has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. While no major public security incidents have been widely documented, the 16 recorded CVEs highlight ongoing security considerations. The project maintains security through regular updates and a vulnerability disclosure program, though deployments should implement proper access controls and network segmentation to mitigate risks associated with exposed interfaces and default configurations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-45807 | OpenSearch Issue with tenant read-only permissions — securityCWE-281 | 5.4 | Medium | 2023-10-16 |
| CVE-2023-31141 | OpenSearch issue with fine-grained access control during extremely rare race conditions — securityCWE-863 | 4.8 | Medium | 2023-05-08 |
| CVE-2023-25806 | Time discrepancy in authentication responses in OpenSearch — securityCWE-208 | 5.3 | - | 2023-03-02 |
| CVE-2023-23612 | Issue with whitespace in JWT roles in OpenSearch — securityCWE-287 | 4.7 | Medium | 2023-01-24 |
| CVE-2023-23613 | Field-level security issue with .keyword fields in OpenSearch — securityCWE-200 | 5.7 | Medium | 2023-01-24 |
| CVE-2022-41918 | Issue with fine-grained access control of indices backing data streams — securityCWE-863 | 6.3 | Medium | 2022-11-15 |
| CVE-2022-35980 | OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information — securityCWE-612 | 7.5 | High | 2022-08-12 |
This page lists every published CVE security advisory associated with opensearch-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.