CVE-2021-31828: Server-Side Request Forgery (SSRF)

May 6, 2021 (updated May 18, 2021)

An SSRF issue in Open Distro for Elasticsearch (ODFE) allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin’s intended scope.

References

nvd.nist.gov/vuln/detail/CVE-2021-31828

Detect and mitigate CVE-2021-31828 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →