TLS Certificate Validation Flaw in Logstash by Elastic
CVE-2021-22138

3.7LOW

Key Information:

Vendor: Elastic
Status: Elasticsearch
Vendor: CVE Published:; 13 May 2021

What is CVE-2021-22138?

A flaw has been identified in the monitoring feature of Logstash that affects certain versions. When a trusted server CA certificate is specified, Logstash fails to properly verify the returned certificate from the monitoring server. This vulnerability creates a potential risk for man-in-the-middle attacks, allowing unauthorized interception of monitoring data. The flaw is present in Logstash versions released after 6.4.0 and before version 6.8.15, as well as version 7.12.0, necessitating immediate attention to ensure secure communications.

Affected Version(s)

Elasticsearch after 6.4.0 and before 6.8.15 and 7.12.0

References

https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8...

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210629-0001/

x_refsource_CONFIRM

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2021
Vulnerability Reserved
Jan 4, 2021