Lucene search
ElasticCVELIST:CVE-2019-7615HistoryJul 30, 2019 - 9:15 p.m.
CVE-2019-7615
2019-07-3021:15:47
CWE-295
elastic
www.cve.org
4
EPSS
0.001
Percentile
37.0%
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the ‘server_ca_cert’ setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.
CNA Affected
[
{
"product": "Elastic APM agent for Ruby",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 2.9.0"
}
]
}
]References
Related
osv
osv
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation
2022-05-24 16:51:49
CVE-2019-7615
2019-07-30 22:15:12
veracode
veracode
Man-in-the-Middle (MitM)
2019-07-31 04:33:40
github
github
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation
2022-05-24 16:51:49
prion
prion
Design/Logic Flaw
2019-07-30 22:15:00
rubygems
rubygems
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation
2022-05-23 21:00:00
cve
cve
CVE-2019-7615
2019-07-30 22:15:12
nvd
nvd
CVE-2019-7615
2019-07-30 22:15:12