Miggo Logo
Miggo Vulnerability Database
CVE-2019-7615

CVE-2019-7615: Elastic APM agent for Ruby vulnerable to Improper Certificate Validation

7.4

CVSS Score
3.1

Basic Information

CVE ID
CVE-2019-7615
GHSA ID
GHSA-35j2-p8fh-x966
EPSS Score
0.34405%
CWE
CWE-295
Published
5/24/2022
Updated
3/9/2023
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
elastic-apmrubygems< 2.9.02.9.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper SSL certificate validation when using the 'server_ca_cert' setting. The GitHub PR #449 shows the fix occurred in transport/connection.rb where SSL configuration is handled. The critical issue was that specifying a CA certificate didn't enforce proper verification due to missing verify_mode configuration. The #start_ssl method (or equivalent SSL setup routine) in this file would be responsible for configuring OpenSSL parameters, and prior to 2.9.0, failed to set verify_mode to VERIFY_PEER when a CA cert was provided, making MITM attacks possible. This matches both the CWE-295 description and the patch's nature of adding proper verification flags.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* TLS **rti*i**t* v*li**tion *l*w w*s *oun* in *l*sti* *PM ***nt *or Ru*y v*rsions ***or* *.*.*. W**n sp**i*yin* * trust** s*rv*r ** **rti*i**t* vi* t** `s*rv*r_**_**rt` s*ttin*, t** Ru*y ***nt woul* not prop*rly v*ri*y t** **rti*i**t* r*turn** *y t*

Reasoning

T** vuln*r**ility st*ms *rom improp*r SSL **rti*i**t* v*li**tion w**n usin* t** 's*rv*r_**_**rt' s*ttin*. T** *it*u* PR #*** s*ows t** *ix o**urr** in tr*nsport/*onn**tion.r* w**r* SSL *on*i*ur*tion is **n*l**. T** *riti**l issu* w*s t**t sp**i*yin*