Headline

CVE-2021-22138

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.

3 years ago

CVE

Open in Source

#perl #ssl

Related news

CVE-2022-38775: Security issues

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

1 year ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #debian #dos #apache #nodejs #js #git #java #kubernetes #rce #perl #ldap #ssrf #pdf #log4j #oauth #auth #ibm #ruby #postgres #jira #chrome #ssl

CVE-2022-23712: Security issues

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

2 years ago

CVE

Open in Source