Description
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
References
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.13.1.0 (exclusive)
cpe:2.3:a:amazon:open_distro:*:*:*:*:*:elasticsearch:*:*
EPSS
Percentile: 41%
0.00187
Low
7.1 High
CVSS3
5.5 Medium
CVSS2
Weaknesses
CWE-918
Related vulnerabilities
github
more than 3 years ago
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.