OSV:GHSA-35J2-P8FH-X966 (Google OSV)
May 24, 2022 - 4:51 p.m.

Elastic APM agent for Ruby vulnerable to Improper Certificate Validation

2022-05-24 16:51:49
Google, osv.dev
Tags: elastic apm, ruby, tls certificate

EPSS: 0.001 (percentile: 37.0%)

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When a trusted server CA certificate was specified via the server_ca_cert setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man-in-the-middle style attack against the Ruby agent.
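
What verifying a server certificate against a configured CA involves, shown as an added Ruby example (not the agent's code and not part of the advisory). It uses Ruby's standard openssl library; the helper names, the host name apm.example.test and the certificates are constructed for illustration.

```ruby
require "openssl"
# Constructed test data: issue a certificate. Without an issuer it is a self-signed CA.
def issue(cn, issuer_cert = nil, issuer_key = nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  if issuer_cert
    cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}"))
  else
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
    cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Trust store holding only the configured CA; system roots are not consulted.
def pinned_store(ca_cert)
  OpenSSL::X509::Store.new.tap { |s| s.add_cert(ca_cert) }
end

# Hypothetical helper: the certificate must chain to the configured CA and match the host.
def acceptable?(server_cert, ca_cert, hostname)
  pinned_store(ca_cert).verify(server_cert) &&
    OpenSSL::SSL.verify_certificate_identity(server_cert, hostname)
end

# TLS client context that enforces the same check during the handshake.
def pinned_context(ca_cert)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store      = pinned_store(ca_cert)
  ctx.verify_mode     = OpenSSL::SSL::VERIFY_PEER # VERIFY_NONE would accept any certificate
  ctx.verify_hostname = true # effective once SSLSocket#hostname= is set
  ctx
end

if __FILE__ == $PROGRAM_NAME
  ca, ca_key = issue("Constructed APM CA")
  rogue, rogue_key = issue("Constructed APM CA") # same name, different key
  puts acceptable?(issue("apm.example.test", ca, ca_key).first, ca, "apm.example.test")
  puts acceptable?(issue("apm.example.test", rogue, rogue_key).first, ca, "apm.example.test")
end
```

A client that passes this context to its TLS socket rejects a certificate signed by any key other than the configured CA's, including one from a CA that merely reuses the same subject name.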
