Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.opensearch.plugin/opensearch-security@2.6.0

Type maven

Namespace org.opensearch.plugin

Name opensearch-security

Version 2.6.0

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.7.0.0

Latest_non_vulnerable_version 3.3.0.0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-fyj4-m2xs-p7hg

vulnerability_id VCID-fyj4-m2xs-p7hg

summary

Observable Discrepancy
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25806

reference_id

reference_type

scores

value	0.00278
scoring_system	epss
scoring_elements	0.51414
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25806

reference_url

https://github.com/opensearch-project/security

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/opensearch-project/security

reference_url

https://github.com/opensearch-project/security/pull/2472

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/opensearch-project/security/pull/2472

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25806

reference_id

CVE-2023-25806

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25806

reference_url	https://github.com/advisories/GHSA-c6wg-cm5x-rqvj
reference_id	GHSA-c6wg-cm5x-rqvj
reference_type
scores
url	https://github.com/advisories/GHSA-c6wg-cm5x-rqvj

reference_url

https://github.com/opensearch-project/security/security/advisories/GHSA-c6wg-cm5x-rqvj

reference_id

GHSA-c6wg-cm5x-rqvj

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/opensearch-project/security/security/advisories/GHSA-c6wg-cm5x-rqvj

fixed_packages

url	pkg:maven/org.opensearch.plugin/opensearch-security@1.3.9
purl	pkg:maven/org.opensearch.plugin/opensearch-security@1.3.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.opensearch.plugin/opensearch-security@1.3.9

url	pkg:maven/org.opensearch.plugin/opensearch-security@2.6.0
purl	pkg:maven/org.opensearch.plugin/opensearch-security@2.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.opensearch.plugin/opensearch-security@2.6.0

aliases CVE-2023-25806, GHSA-c6wg-cm5x-rqvj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fyj4-m2xs-p7hg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.opensearch.plugin/opensearch-security@2.6.0

Package Instance