Home > Vulnerability Database > CVE-2022-41906

Mend.io Vulnerability Database

CVE-2022-41906

Good to know:

Date: November 11, 2022

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Notification plugin's intended scope. OpenSearch 2.2.1+ contains the fix for this issue. There are currently no recommended workarounds.

Language: KOTLIN

Severity Score

8.7

Related Resources (5)

Url: https://github.com/opensearch-project/notifications/pull/496

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41906

Url: https://github.com/opensearch-project/notifications/pull/507

Url: https://github.com/opensearch-project/notifications/security/advisories/GHSA-pfc4-3436-jgrw

Url: https://www.mend.io/vulnerability-database/CVE-2022-41906

Severity Score

8.7

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version 2.2.1.0

Learn More

CVSS v3.1

Base Score:	8.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41906

Good to know:

Date: November 11, 2022

Language: KOTLIN

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?