CVE-2021-31828 Information

Description

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin’s intended scope.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Reference

https://github.com/opendistro-for-elasticsearch/alerting/pull/353
https://opendistro.github.io/for-elasticsearch-docs/version-history/
https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

7.1

Base Severity

HIGH
