CVE-2023-31421

{"id": "CVE-2023-31421", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "bressers@elastic.co", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-10-26T04:15:16.000", "references": [{"url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}, {"url": "https://www.elastic.co/community/security", "tags": ["Vendor Advisory"], "source": "bressers@elastic.co"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "bressers@elastic.co", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected."}, {"lang": "es", "value": "Se descubri\u00f3 que cuando actuaban como Clientes TLS, Beats, Elastic Agent, APM Server y Fleet Server no verificaban si el certificado del servidor es v\u00e1lido para la direcci\u00f3n IP de destino; sin embargo, a\u00fan se realiza la validaci\u00f3n de la firma del certificado. M\u00e1s espec\u00edficamente, cuando el cliente est\u00e1 configurado para conectarse a una direcci\u00f3n IP (en lugar de un nombre de host), no valida los valores IP SAN del certificado del servidor con esa direcci\u00f3n IP y la validaci\u00f3n del certificado falla y, por lo tanto, la conexi\u00f3n no se bloquea como se esperaba."}], "lastModified": "2024-02-15T19:39:22.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_beats:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F350E05B-DF03-4D1F-95A4-4F6C14DD1640", "versionEndIncluding": "8.9.2", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CB5A9F5-BEFA-472C-A29B-4E71F2B19609", "versionEndIncluding": "8.9.2", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E6E46E9-87C4-4422-AB28-811252254A88", "versionEndIncluding": "8.9.2", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elastic_fleet_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F77F3ECE-C5B8-4BBB-B1B5-986DBCA2C0EE", "versionEndIncluding": "8.9.2", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "bressers@elastic.co"}