{"id":"CVE-2021-22138","details":"In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0, a TLS certificate validation flaw was found in the monitoring feature. When a trusted server CA certificate was specified, Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man-in-the-middle style attack against the Logstash monitoring data.","aliases":["BIT-logstash-2021-22138"],"modified":"2026-04-10T04:29:57.839022Z","published":"2021-05-13T18:15:09.077Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210629-0001/"},{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/logstash","events":[{"introduced":"f8014ac54e6c8ff6c071c0960ca1b00e9735f43a"},{"fixed":"3c0cd07dcd6979538e2b92b9997f2535aa13798e"},{"introduced":"26101649981400490f8bab334c61a90a1d6325d2"},{"fixed":"4399d72a9afe6f06db8adbaad8030e5b111e86b6"}],"database_specific":{"versions":[{"introduced":"6.4.0"},{"fixed":"6.8.15"},{"introduced":"7.0.0"},{"fixed":"7.12.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22138.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}