VDB

CVE-2021-22138

CVE-2021-22138 PUBLISHED

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.

EPSS 0.11% · 28.8th percentile

Risk Scores

EPSS Score
0.11%
28.8th percentile

Affected Products

VendorProductVersions
Bitnamilogstash6.4.0, 7.0.0
Bitnamilogstash6.4.0, 7.0.0

Timeline

  • May 13, 2021 CVE Published
  • May 14, 2021 EPSS Score
  • Jul 17, 2021 EPSS Score
  • Sep 16, 2021 EPSS Score
  • Nov 17, 2021 EPSS Score
  • Jan 18, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 20, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 21, 2022 EPSS Score
  • Jul 23, 2022 EPSS Score
  • Sep 23, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›