2 matches found
CVE-2023-31421
CVE-2023-31421 affects Beats, Elastic Agent, APM Server, and Fleet Server when acting as TLS clients: if configured to connect to an IP address, the client does not validate the server certificate’s IP SAN against that IP, though certificate signature validation runs. This can allow a connection ...
CVE-2023-49922
CVE-2023-49922 concerns Elastic Beats and Elastic Agent logging raw events to their own logs at WARN/ERROR when ingestion to Elasticsearch fails with most 4xx responses (except 409/429), potentially exposing sensitive information. Connected docs confirm a fix in Elastic releases 8.11.3 and 7.17.1...