RSS   Vulnerabilities for 'Apm-agent-ruby'   RSS

2019-07-30
 
CVE-2019-7615

CWE-295
 

 
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.

 

 >>> Vendor: Elastic 16 Products
Logstash
Elasticsearch
Kibana
X-pack
Kibana reporting
Azure repository
Apm-agent-ruby
Elastic cloud enterprise
Elasticsearch x-pack
Kibana x-pack
Logstash x-pack
Winlogbeat
Apm agent
Elastic cloud on kubernetes
Elastic app search
Enterprise search


Copyright 2024, cxsecurity.com

 

Back to Top