PT-2021-14866 · Elastic+1 · Logstash+1

Published: 2021-05-13 · Updated: 2024-03-06 · CVE-2021-22138

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Logstash versions after 6.4.0 and before 6.8.15
Logstash versions prior to 7.12.0

Description

A TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate, Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man-in-the-middle style attack against the Logstash monitoring data.

Recommendations

For Logstash versions after 6.4.0 and before 6.8.15, update to version 6.8.15 or later.
For Logstash versions prior to 7.12.0, update to version 7.12.0 or later.

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

BIT-LOGSTASH-2021-22138
CVE-2021-22138

Affected Products

Logstash
Red Os