TLS Certificate Validation Flaw in Logstash by Elastic
CVE-2021-22138
What is CVE-2021-22138?
A TLS certificate validation flaw has been identified in the monitoring feature of Logstash. When a trusted server CA certificate is specified, Logstash fails to properly verify the certificate returned by the monitoring server. This creates a risk of man-in-the-middle attacks, allowing unauthorized interception of monitoring data. The flaw is present in Logstash versions released after 6.4.0 and before version 6.8.15, as well as version 7.12.0, necessitating immediate attention to ensure secure communications.

Affected Version(s)
Elasticsearch after 6.4.0 and before 6.8.15 and 7.12.0