An SSRF issue in Open Distro for Elasticsearch (ODFE)... · CVE-2021-31828 · GitHub Advisory Database · GitHub

An SSRF issue in Open Distro for Elasticsearch (ODFE)...

High severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.

References

Published by the National Vulnerability Database

May 6, 2021

Published to the GitHub Advisory Database May 24, 2022

Last updated Jan 29, 2023