Description
Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected products
- Elastic / Logstash8.0.0 – 8.17.6
- Elastic / Logstash8.18.0 – 8.18.1
- Elastic / Logstash9.0.0 – 9.0.1