CVE-2021-31828
N/A
N/A
Summary
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/opendistro-for-elasticsearch/alerting/pull/353
- https://opendistro.github.io/for-elasticsearch-docs/version-history/
- https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828
References
- https://github.com/opendistro-for-elasticsearch/alerting/pull/353
- https://opendistro.github.io/for-elasticsearch-docs/version-history/
- https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.