Security feature bypass

2021-05-1318:15:00

PRIOn knowledge base

www.prio-n.com

AI Score

4.1

Confidence

High

EPSS

0.001

Percentile

28.7%

JSON

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.

CPENameOperatorVersion
logstashge7.0.0
logstashlt7.12.0
logstashge6.4.0
logstashlt6.8.15

Name	Operator	Version
logstash	ge	7.0.0
logstash	lt	7.12.0
logstash	ge	6.4.0
logstash	lt	6.8.15

References

discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125

security.netapp.com/advisory/ntap-20210629-0001/