7.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2019-7615

GHSA ID

GHSA-35j2-p8fh-x966

EPSS Score

0.34405%

CWE

CWE-295

Published

5/24/2022

Updated

3/9/2023

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-7615

CVE-2019-7615: Elastic APM agent for Ruby vulnerable to Improper Certificate Validation

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the server_ca_cert setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2019-7615

CVE-2019-7615:

7.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2019-7615

GHSA ID

GHSA-35j2-p8fh-x966

EPSS Score

0.34405%

CWE

CWE-295

Published

5/24/2022

Updated

3/9/2023

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
elastic-apm	rubygems	< 2.9.0	2.9.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper SSL certificate validation when using the 'server_ca_cert' setting. The GitHub PR #449 shows the fix occurred in transport/connection.rb where SSL configuration is handled. The critical issue was that specifying a CA certificate didn't enforce proper verification due to missing verify_mode configuration. The #start_ssl method (or equivalent SSL setup routine) in this file would be responsible for configuring OpenSSL parameters, and prior to 2.9.0, failed to set verify_mode to VERIFY_PEER when a CA cert was provided, making MITM attacks possible. This matches both the CWE-295 description and the patch's nature of adding proper verification flags.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2019-7615: Elastic APM agent for Ruby vulnerable to Improper Certificate Validation

CVE-2019-7615:

7.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

7.4

7.4

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2019-7615: Elastic APM agent for Ruby vulnerable to Improper Certificate Validation

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI