Описание
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:elastic:logstash:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:elasticsearch:logstash:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:elasticsearch:logstash:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:elasticsearch:logstash:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:elasticsearch:logstash:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:elasticsearch:logstash:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:elasticsearch:logstash:1.5.3:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00306
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 5.9
debian
больше 8 лет назад
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack out ...
CVSS3: 5.9
github
больше 3 лет назад
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
EPSS
Процентиль: 53%
0.00306
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295