Security Advisory

CVE-2019-7615

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-07-30 21:15:47

Last updated 2024-08-04 20:54:27

Assigner elastic

State PUBLISHED

Description

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the server_ca_cert setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.

← Browse all CVEs View on cve.org ↗