3 matches found
CVE-2025-35434
CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2...
CVE-2025-35434
CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2...
CVE-2025-35434
CVE-2025-35434 : CISA Thorium does not validate TLS certificates when connecting to Elasticsearch, allowing an unauthenticated attacker with access to a Thorium cluster to impersonate the Elasticsearch service. This is described as a vulnerability in Thorium that could enable man-in-the-middle-st...