CVE-2021-31828: SSRF
First published: Thu May 06 2021(Updated: )
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Amazon Open Distro | <1.13.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-31828?
CVE-2021-31828 is classified as a high-severity vulnerability due to its potential to allow privileged users to interact with restricted resources.
How do I fix CVE-2021-31828?
To mitigate CVE-2021-31828, upgrade Open Distro for Elasticsearch to version 1.13.1.0 or later.
Who is affected by CVE-2021-31828?
CVE-2021-31828 affects installations of Open Distro for Elasticsearch versions earlier than 1.13.1.0.
What types of systems are impacted by CVE-2021-31828?
CVE-2021-31828 impacts systems running the Open Distro for Elasticsearch Alerting plugin.
What can an attacker do by exploiting CVE-2021-31828?
Exploiting CVE-2021-31828 allows an attacker with privileged access to enumerate services or interact with resources outside the intended scope.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/amazon
- canonical/amazon open distro