Primary

Context

Logstash Improper Certificate Validation in TCP Output Allowing Man-in-the-Middle Attack

Vulnerability

Patched

A vulnerability exists in Logstash's TCP output plugin that can lead to a man-in-the-middle (MitM) attack when the plugin is used in 'client' mode with the 'ssl_verification_mode' set to 'full' (the default). In this configuration, hostname verification is not performed, leaving the connection open to interception.

Impact

Exploitation of this vulnerability could allow an attacker to intercept and potentially alter communications between Logstash and the intended recipient, creating a man-in-the-middle scenario.

Remediation

Users can upgrade to Logstash versions 8.17.6, 8.18.1, or 9.0.1 to address this vulnerability. Alternatively, the TCP output plugin can be updated to version 6.2.2 or 7.0.1.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

5.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

5.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Logstash Improper Certificate Validation in TCP Output Allowing Man-in-the-Middle Attack

Vulnerability

Impact

Remediation

Affected Products

Elastic Logstash

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating