High severity · NVD Advisory · Published Jul 30, 2019 · Updated Aug 4, 2024
CVE-2019-7615
Description
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man-in-the-middle style attack against the Ruby agent.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| elastic-apm (RubyGems) | < 2.9.0 | 2.9.0 |
Affected products
- Range: before 2.9.0
References
- github.com/advisories/GHSA-35j2-p8fh-x966 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-7615 (ghsa, ADVISORY)
- github.com/elastic/apm-agent-ruby/pull/449 (ghsa, WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/elastic-apm/CVE-2019-7615.yml (ghsa, WEB)
- www.elastic.co/community/security (ghsa, WEB)
- www.elastic.co/community/security/ (mitre, x_refsource_MISC)