Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Elasticsearch X-Pack Security TLS trust manager 安全漏洞
Vulnerability Description
Elasticsearch X-Pack是荷兰Elasticsearch公司的一个Elastic Stack(日志分析系统)的扩展。Security TLS trust manager是其中的一个安全证书管理器。 Elasticsearch X-Pack Security TLS trust manager 5.0.0版本至5.5.1版本中存在安全漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
CVSS Information
N/A
Vulnerability Type
N/A