
    2 vulnerabilities found for open_distro by amazon

    CVE-2021-31828 (GCVE-0-2021-31828)

    Vulnerability from nvd – Published: 2021-05-06 18:13 – Updated: 2024-08-03 23:10
    VLAI
    Summary
    An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:10:30.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/opendistro-for-elasticsearch/alerting/pull/353"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://opendistro.github.io/for-elasticsearch-docs/version-history/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin\u0027s intended scope."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-12T15:47:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/opendistro-for-elasticsearch/alerting/pull/353"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://opendistro.github.io/for-elasticsearch-docs/version-history/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin\u0027s intended scope."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/opendistro-for-elasticsearch/alerting/pull/353",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/opendistro-for-elasticsearch/alerting/pull/353"
                },
                {
                  "name": "https://opendistro.github.io/for-elasticsearch-docs/version-history/",
                  "refsource": "MISC",
                  "url": "https://opendistro.github.io/for-elasticsearch-docs/version-history/"
                },
                {
                  "name": "https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828",
                  "refsource": "MISC",
                  "url": "https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31828",
        "datePublished": "2021-05-06T18:13:18.000Z",
        "dateReserved": "2021-04-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:10:30.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31828 (GCVE-0-2021-31828)

    Vulnerability from cvelistv5 – Published: 2021-05-06 18:13 – Updated: 2024-08-03 23:10
    VLAI
    Summary
    An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:10:30.640Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/opendistro-for-elasticsearch/alerting/pull/353"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://opendistro.github.io/for-elasticsearch-docs/version-history/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin\u0027s intended scope."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-12T15:47:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/opendistro-for-elasticsearch/alerting/pull/353"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://opendistro.github.io/for-elasticsearch-docs/version-history/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31828",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin\u0027s intended scope."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/opendistro-for-elasticsearch/alerting/pull/353",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/opendistro-for-elasticsearch/alerting/pull/353"
                },
                {
                  "name": "https://opendistro.github.io/for-elasticsearch-docs/version-history/",
                  "refsource": "MISC",
                  "url": "https://opendistro.github.io/for-elasticsearch-docs/version-history/"
                },
                {
                  "name": "https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828",
                  "refsource": "MISC",
                  "url": "https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31828",
        "datePublished": "2021-05-06T18:13:18.000Z",
        "dateReserved": "2021-04-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:10:30.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }