A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.elastic.co/community/security/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: elastic
Published: 2019-07-30T21:15:47
Updated: 2024-08-04T20:54:27.931Z
Reserved: 2019-02-07T00:00:00
Link: CVE-2019-7615
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-07-30T22:15:12.660
Modified: 2024-11-21T04:48:24.420
Link: CVE-2019-7615
Redhat
No data.