Impact
A potential SSRF issue in the OpenSearch Notifications Plugin could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests that exceed the Notifications plugin's intended scope.
Patches
OpenSearch 2.1.0+ contains the fix for this issue.
Workarounds
There is no recommended workaround.
References
See pull requests #496 and #507 for additional details.
For more information
If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.