exploitDog

GHSA-35j2-p8fh-x966

Published: May 24, 2022
Source: github
Github: Reviewed
CVSS3: 7.4

Description

Elastic APM agent for Ruby vulnerable to Improper Certificate Validation

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the server_ca_cert setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man-in-the-middle style attack against the Ruby agent.

Packages

Name: elastic-apm (rubygems)
Affected versions: < 2.9.0
Fixed version: 2.9.0

EPSS

Percentile: 34%
0.00136
Low

CVSS3: 7.4 High

Weaknesses

CWE-295

Related vulnerabilities

CVSS3: 7.4
nvd
more than 6 years ago

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man-in-the-middle style attack against the Ruby agent.
