CVE-2021-37698 – Missing TLS service certificate validation in GelfWriter, ElasticsearchWriter, InfluxdbWriter and Influxdb2Writer

https://notcve.org/view.php?id=CVE-2021-37698

19 Aug 2021 — Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version ... • https://github.com/Icinga/icinga2/releases/tag/v2.11.11 • CWE-295: Improper Certificate Validation •