Design/Logic Flaw

2017-08-0916:29:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.9%

JSON

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.

CPENameOperatorVersion
logstasheq1.4.1
logstasheq1.4.2
logstasheq1.4.0
logstasheq1.5.3
logstasheq1.4.4
logstasheq1.5.1
logstasheq1.4.3
logstasheq1.5.0
logstasheq1.5.2