CVE-2021-22138
https://notcve.org/view.php?id=CVE-2021-22138
13 May 2021 — In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0, a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate, Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man-in-the-middle style attack against the Logstash monitoring data. • https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125 • CWE-295: Improper Certificate Validation
CVE-2019-7620
https://notcve.org/view.php?id=CVE-2019-7620
30 Oct 2019 — Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash Beats input listens on could send a specially crafted network packet that would cause Logstash to stop responding. • https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908 • CWE-400: Uncontrolled Resource Consumption