Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF)
Vulnerability Description
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
OpenSearch Project 代码问题漏洞
Vulnerability Description
OpenSearch Project是OpenSearch Project开源的一个社区驱动的、Apache 2.0许可的开放源代码搜索和分析套件。使其易于获取、搜索、可视化和分析数据。 OpenSearch Project Notifications存在代码问题漏洞,该漏洞源于其潜在服务端请求伪造可能允许现有特权用户枚举侦听服务或通过超出通知插件预期范围的HTTP请求与配置的资源进行交互。
CVSS Information
N/A
Vulnerability Type
N/A