CVE-2019-7615
 
Public Exploits: 0
Descriptions
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.
Timeline
- 2019-02-07 CVE Reserved
- 2019-07-30 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-295: Improper Certificate Validation
References (1)
URL | Date | SRC |
---|---|---|
https://www.elastic.co/community/security | 2023-03-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Elastic | Apm-agent-ruby | < 2.9.0 | ruby | Affected |