=====================================================================
CERT-Renater Information Note No. 2025/VULN287
_____________________________________________________________________
DATE : 07/05/2025
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running Logstash versions prior to 8.17.6, 8.18.1, 9.0.1.
=====================================================================
https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868
_____________________________________________________________________
Logstash 8.17.6, 8.18.1, and 9.0.1 Security Update (ESA-2025-08)
Posted by ismisepaul (Paul), May 6, 2025, 4:33pm

Logstash Improper Certificate Validation in TCP output (ESA-2025-08)

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in "client" mode: the TCP output did not perform hostname verification even when ssl_verification_mode => full was set, so it never checked that the presented certificate was issued for the configured host.

Affected Versions: All versions prior to 8.17.6, as well as version 8.18.0 and version 9.0.0.

Affected Configurations: The TCP output plugin when run in "client" mode with ssl_verification_mode => full (the default).

Solutions and Mitigations: The issue is resolved in versions 8.17.6, 8.18.1, and 9.0.1. Alternatively, users may upgrade the TCP output plugin to 6.2.2 or 7.0.1 by running bin/logstash-plugin update logstash-output-tcp.

Severity: CVSSv3.1: 5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CVE ID: CVE-2025-37730
=========================================================
+ CERT-RENATER           | tel : 01-53-94-20-44           +
+ 23/25 Rue Daviel       | fax : 01-53-94-20-41           +
+ 75013 Paris            | email:cert@support.renater.fr  +
=========================================================
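The following is an added example, not code from the advisory or from the logstash-output-tcp plugin. It shows in Ruby (the plugin's own language, using only the standard openssl library) the difference between verifying a certificate chain and "full" verification, which additionally checks that the certificate names the host the client intended to reach. The CA, the collector certificate and the attacker's certificate are all generated in memory with made-up names, so it runs offline; an on-path attacker holding any certificate from the trusted CA passes the chain check but fails the identity check, which is exactly the check the affected TCP output skipped.

```ruby
require 'openssl'

# Added example, not Logstash plugin code. All certificates are generated
# in memory so the script runs offline; the host names are made up.

def rsa_key
  OpenSSL::PKey::RSA.new(2048)
end

# Issue an X.509v3 certificate. When issuer_cert is nil the certificate is
# self-signed and marked as a CA (our throwaway trust anchor).
def issue_cert(cn:, key:, serial:, issuer_cert: nil, issuer_key: nil, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  if issuer_cert.nil?
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
    cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
  else
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:FALSE', true))
    cert.add_extension(ef.create_extension('subjectAltName', san))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

CA_KEY  = rsa_key
CA_CERT = issue_cert(cn: 'Test Log CA', key: CA_KEY, serial: 1)

# The collector the TCP output is configured to send to (hypothetical name).
GOOD_KEY  = rsa_key
GOOD_CERT = issue_cert(cn: 'logs.example.internal', key: GOOD_KEY, serial: 2,
                       issuer_cert: CA_CERT, issuer_key: CA_KEY,
                       san: 'DNS:logs.example.internal')

# A certificate for some other host, legitimately issued by the same CA.
# This is what an on-path attacker presents if hostname checks are skipped.
MITM_KEY  = rsa_key
MITM_CERT = issue_cert(cn: 'other.example.internal', key: MITM_KEY, serial: 3,
                       issuer_cert: CA_CERT, issuer_key: CA_KEY,
                       san: 'DNS:other.example.internal')

# Chain validation only: is the certificate signed by a trusted CA and valid now?
def chain_valid?(cert, ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.verify(cert)
end

# What "full" verification must add on top of the chain check: the certificate
# has to name the host we intended to connect to (SAN dNSName, CN as fallback).
def full_valid?(cert, ca_cert, expected_host)
  chain_valid?(cert, ca_cert) &&
    OpenSSL::SSL.verify_certificate_identity(cert, expected_host)
end

if __FILE__ == $PROGRAM_NAME
  host = 'logs.example.internal'
  [['legitimate collector', GOOD_CERT], ['on-path attacker', MITM_CERT]].each do |label, cert|
    puts format('%-20s chain_only=%-5s full=%-5s', label,
                chain_valid?(cert, CA_CERT), full_valid?(cert, CA_CERT, host))
  end
end
```

Both certificates pass chain_valid?; only the collector's passes full_valid? for the configured host. A client that stops at the first check, as the affected TCP output effectively did, accepts the attacker's certificate and sends its events to the wrong peer.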
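As a practical check against the version boundaries in the advisory, here is an added Ruby script (not from the advisory or from Elastic) that decides whether a Logstash core version or an installed logstash-output-tcp version falls in the affected range, and flags the plugin from a plugin listing. It assumes the listing has the "name (version)" shape that bin/logstash-plugin list --verbose prints; the sample listing embedded below is constructed.

```ruby
require 'rubygems'

# Added example. Version boundaries come from the advisory text; the listing
# format ("name (version)" per line) is assumed from bin/logstash-plugin
# list --verbose, and SAMPLE_LISTING below is constructed, not real output.

# Logstash core: affected if below 8.17.6, or exactly 8.18.0 or 9.0.0
# (8.17.6, 8.18.1 and 9.0.1 carry the fix).
def logstash_core_affected?(version)
  v = Gem::Version.new(version)
  v < Gem::Version.new('8.17.6') ||
    v == Gem::Version.new('8.18.0') ||
    v == Gem::Version.new('9.0.0')
end

# logstash-output-tcp plugin: fixed in 6.2.2 (6.x line) and 7.0.1 (7.x line).
def tcp_plugin_affected?(version)
  v = Gem::Version.new(version)
  if v < Gem::Version.new('7.0.0')
    v < Gem::Version.new('6.2.2')
  else
    v < Gem::Version.new('7.0.1')
  end
end

# One plugin per line, e.g. "logstash-output-tcp (6.2.1)" (assumed format).
PLUGIN_LINE = /\A(logstash-[a-z]+-[A-Za-z0-9_]+) \(([\w.]+)\)\z/

# Parse a plugin listing into {plugin_name => version_string}.
def parse_plugin_listing(text)
  text.each_line.each_with_object({}) do |line, acc|
    next unless (m = PLUGIN_LINE.match(line.strip))
    acc[m[1]] = m[2]
  end
end

# Return the installed TCP output version if it is vulnerable, else nil.
def vulnerable_tcp_output(listing_text)
  plugins = parse_plugin_listing(listing_text)
  version = plugins['logstash-output-tcp']
  return nil if version.nil?
  tcp_plugin_affected?(version) ? version : nil
end

# Constructed sample listing; replace with the real command output.
SAMPLE_LISTING = <<~TXT
  logstash-input-beats (6.9.1)
  logstash-filter-grok (4.4.3)
  logstash-output-tcp (6.2.1)
  logstash-output-elasticsearch (11.22.12)
TXT

if __FILE__ == $PROGRAM_NAME
  core = ARGV[0] || '8.17.5'
  puts "Logstash #{core}: #{logstash_core_affected?(core) ? 'AFFECTED' : 'fixed'}"
  if (v = vulnerable_tcp_output(SAMPLE_LISTING))
    puts "logstash-output-tcp #{v}: AFFECTED, run bin/logstash-plugin update logstash-output-tcp"
  else
    puts 'logstash-output-tcp: fixed or not installed'
  end
end
```

Run it with the installed Logstash version as the first argument and paste the real plugin listing in place of SAMPLE_LISTING. Both checks are needed: a fixed core ships a fixed plugin, but an older core can also be brought to a fixed plugin version by the update command the advisory gives.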