RSS   Vulnerabilities for 'Apm-agent-ruby'   RSS

2019-07-30
 
CVE-2019-7615

CWE-295
 

 
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.

 

 >>> Vendor: Elastic 5 Products
X-pack
Kibana reporting
Elasticsearch
Azure repository
Apm-agent-ruby


Copyright 2019, cxsecurity.com

 

Back to Top