VDB

CISA-2022-41906

CISA-2022-41906 PUBLISHED CVSS 7.7 HIGH

Reported by GitHub_M · Published November 11, 2022

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds.

Risk Scores

CVSS 3.0
7.7
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Affected Products

VendorProductVersions
opensearch-projectnotifications>= 2.0.0, < 2.2.1
opensearch-projectnotifications*, >= 2.0.0, < 2.2.1

Timeline

  • Nov 11, 2022 CVE Published
  • Apr 23, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›