QwikSec

Security Database

CVE

CWE

Training

CVE-2021-22138

Published: May 13, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.

Vendor	Product	Versions
Elastic	Elasticsearch	affected `after 6.4.0 and before 6.8.15 and 7.12.0`

Weaknesses (CWE)

References

https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210629-0001/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.