CVE-2022-41906

Name of the Vulnerable Software and Affected Versions OpenSearch Notifications Plugin versions 2.0.0 through 2.2.0

Description A potential Server-Side Request Forgery (SSRF) issue in the OpenSearch Notifications Plugin could allow an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests, exceeding the plugin's intended scope. The issue affects the plugin's ability to send notifications via various channels, including Email, Slack, Amazon Chime, and Custom web-hook.

Recommendations For OpenSearch Notifications Plugin versions 2.0.0 through 2.2.0, update to OpenSearch 2.2.1 or later to resolve the issue. At the moment, there is no information about other workarounds for this vulnerability.