CVE-2022-41906

OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF)

Severity Score

8.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds.

OpenSearch Notifications es un complemento de notificaciones para OpenSearch que permite que otros complementos envíen notificaciones a través de canales de correo electrónico, Slack, Amazon Chime, web-hook personalizado, etc. Un posible problema de SSRF en el complemento de notificaciones de OpenSearch a partir de 2.0.0 y antes de 2.2.1 podría permitir a un usuario privilegiado existente enumerar servicios de escucha o interactuar con recursos configurados a través de solicitudes HTTP que excedan el alcance previsto del complemento de notificación. OpenSearch 2.2.1+ contiene la solución para este problema. Actualmente no existen workarounds recomendados.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-30 CVE Reserved
2022-11-11 CVE Published
2024-06-03 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

References (3)

URL	Tag	Source
https://github.com/opensearch-project/notifications/security/advisories/GHSA-pfc4-3436-jgrw	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/opensearch-project/notifications/pull/496	2023-07-25
https://github.com/opensearch-project/notifications/pull/507	2023-07-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Amazon Search vendor "Amazon"		Opensearch Notifications Search vendor "Amazon" for product "Opensearch Notifications"				< 2.2.1.0 Search vendor "Amazon" for product "Opensearch Notifications" and version " < 2.2.1.0"		docker		Affected