CVE-2022-41906

HIGH Year: 2022
CVSS v3 Score
7.7
High
Weakness Type
CWE-918
View all →

Vulnerability Description

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds.

Related Vulnerabilities

CVE-2016-4374

HIGH
CVSS:7.7(High)

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information...

CWE-9182016

CVE-2017-7566

HIGH
CVSS:7.7(High)

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.

CWE-9182017

CVE-2018-19571

HIGH
CVSS:7.7(High)

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

CWE-9182018

CVE-2019-15033

HIGH
CVSS:7.7(High)

Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as ...

CWE-9182019

CVE-2019-6257

HIGH
CVSS:7.7(High)

A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in p...

CWE-9182019

CVE-2019-7652

HIGH
CVSS:7.7(High)

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type,...

CWE-9182019