SSL/TLS Certificate Validation Vulnerability in Logstash by Elastic
CVE-2015-5619

5.9MEDIUM

Key Information:

Vendor
Elastic
Status
Vendor
CVE Published:
9 August 2017

Summary

Logstash versions 1.4.x prior to 1.4.5 and 1.5.x prior to 1.5.4 have a significant vulnerability where the SSL/TLS certificates from the Logstash server are not validated. This lack of validation may allow attackers to intercept and manipulate communication between Logstash components through a man-in-the-middle attack, leading to potential exposure of sensitive information.

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.