An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828
https://opendistro.github.io/for-elasticsearch-docs/version-history/
https://github.com/opendistro-for-elasticsearch/alerting/pull/353
Source: Mitre, NVD
Published: 2021-05-06
Updated: 2026-06-17
Base Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
Severity: Medium
Base Score: 7.1
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Severity: High
EPSS: 0.00187