Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Elasticsearch Logstash 信任管理问题漏洞
Vulnerability Description
Elasticsearch Logstash是荷兰Elasticsearch公司的一套日志分析和监控工具。 Logstash 存在安全漏洞。该漏洞源于程序监视功能中存在TLS证书验证漏洞,可能会导致一名中间人攻击Logstash监视数据。以下产品及版本受到影响:Logstash 6.4.0版本到6.8.15、Logstash 7.12.0 版本。
CVSS Information
N/A
Vulnerability Type
N/A