VDB
CVE-2021-22138
CVE-2021-22138
PUBLISHED
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.
EPSS 0.11% · 28.8th percentile
Risk Scores
EPSS Score
0.11%
28.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | logstash | 6.4.0, 7.0.0 |
| Bitnami | logstash | 6.4.0, 7.0.0 |
Timeline
- May 13, 2021 CVE Published
- May 14, 2021 EPSS Score
- Jul 17, 2021 EPSS Score
- Sep 16, 2021 EPSS Score
- Nov 17, 2021 EPSS Score
- Jan 18, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 20, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 21, 2022 EPSS Score
- Jul 23, 2022 EPSS Score
- Sep 23, 2022 EPSS Score