CVE-2019-7615

Improper Certificate Validation in gem/elastic-apm

Identifiers

GHSA-35j2-p8fh-x966, CVE-2019-7615

Package Slug

gem/elastic-apm

Vulnerability

Improper Certificate Validation

Description

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'servercacert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.

Affected Versions

All versions before 2.9.0

Solution

Upgrade to version 2.9.0 or above.

Last Modified

2023-03-06

source