First published: Fri Aug 18 2017(Updated: )
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates.
Credit: bressers@elastic.co
Affected Software | Affected Version | How to fix |
---|---|---|
Elastic X-Pack | >=5.0.0<=5.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.