xpack is vulnerable to man-in-the-middle attack. The vulnerability exists because verification of SSL/TLS certificates are not properly done, allowing a man in the middle attack against the Logstash monitoring data.
discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125
github.com/elastic/logstash/commit/2926f1e8c610034c1f2e4dfeda1bf4c2d3bbd979
github.com/elastic/logstash/commit/3c0cd07dcd6979538e2b92b9997f2535aa13798e
github.com/elastic/logstash/pull/12749
security.netapp.com/advisory/ntap-20210629-0001/