CVE-2023-31421 MEDIUM

CVE-2023-31421: Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue

Vendor Elastic
Product Beats
Weakness CWE-295
Published October 26, 2023
Last update August 2, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.

Key dates

02Disclosure timeline

October 26, 2023 CVE published
August 2, 2024 Record updated