{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31421", "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "state": "PUBLISHED", "assignerShortName": "elastic", "dateReserved": "2023-04-27T18:54:56.705Z", "datePublished": "2023-10-26T03:10:52.684Z", "dateUpdated": "2024-08-02T14:53:30.714Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Beats", "vendor": "Elastic", "versions": [{"status": "affected", "version": "8.0.0, 8.9.2"}]}, {"defaultStatus": "unaffected", "product": "Elastic Agent", "vendor": "Elastic", "versions": [{"status": "affected", "version": "8.0.0, 8.9.2"}]}, {"defaultStatus": "unaffected", "product": "APM Server", "vendor": "Elastic", "versions": [{"status": "affected", "version": "8.0.0, 8.9.2"}]}, {"defaultStatus": "unaffected", "product": "Fleet Server", "vendor": "Elastic", "versions": [{"status": "affected", "version": "8.0.0, 8.9.2"}]}], "datePublic": "2023-09-19T15:32:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: var(--wht);\">It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.</span>"}], "value": "It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic", "dateUpdated": "2023-10-26T03:10:52.684Z"}, "references": [{"url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385"}, {"url": "https://www.elastic.co/community/security"}], "source": {"discovery": "UNKNOWN"}, "title": "Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:53:30.714Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385", "tags": ["x_transferred"]}, {"url": "https://www.elastic.co/community/security", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_beats:*:*:*:*:*:*:*:*", "matchCriteriaId": "F350E05B-DF03-4D1F-95A4-4F6C14DD1640", "versionEndIncluding": "8.9.2", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB5A9F5-BEFA-472C-A29B-4E71F2B19609", "versionEndIncluding": "8.9.2", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E6E46E9-87C4-4422-AB28-811252254A88", "versionEndIncluding": "8.9.2", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_fleet_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F77F3ECE-C5B8-4BBB-B1B5-986DBCA2C0EE", "versionEndIncluding": "8.9.2", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected."}, {"lang": "es", "value": "Se descubri\u00f3 que cuando actuaban como Clientes TLS, Beats, Elastic Agent, APM Server y Fleet Server no verificaban si el certificado del servidor es v\u00e1lido para la direcci\u00f3n IP de destino; sin embargo, a\u00fan se realiza la validaci\u00f3n de la firma del certificado. M\u00e1s espec\u00edficamente, cuando el cliente est\u00e1 configurado para conectarse a una direcci\u00f3n IP (en lugar de un nombre de host), no valida los valores IP SAN del certificado del servidor con esa direcci\u00f3n IP y la validaci\u00f3n del certificado falla y, por lo tanto, la conexi\u00f3n no se bloquea como se esperaba."}], "id": "CVE-2023-31421", "lastModified": "2024-11-21T08:01:49.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "bressers@elastic.co", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-26T04:15:16.000", "references": [{"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "bressers@elastic.co", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}