From 7d927c359bfe384153c5de722dbb2ef85f43b7ee Mon Sep 17 00:00:00 2001 From: Al Snow <43523+jasnow@users.noreply.github.com> Date: Fri, 3 Jul 2026 10:06:52 -0400 Subject: [PATCH] GHSA/SYNC: 1 new advisory --- gems/logstash-output-tcp/CVE-2025-37730.yml | 32 +++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 gems/logstash-output-tcp/CVE-2025-37730.yml diff --git a/gems/logstash-output-tcp/CVE-2025-37730.yml b/gems/logstash-output-tcp/CVE-2025-37730.yml new file mode 100644 index 0000000000..b1cd18a492 --- /dev/null +++ b/gems/logstash-output-tcp/CVE-2025-37730.yml @@ -0,0 +1,32 @@ +--- +gem: logstash-output-tcp +cve: 2025-37730 +ghsa: qrf7-ph5v-mj2v +url: https://nvd.nist.gov/vuln/detail/CVE-2025-37730 +title: Improper certificate validation in Logstash's TCP output... +date: 2025-05-06 +description: | + Improper certificate validation in Logstash's TCP output could lead + to a man-in-the-middle (MitM) attack in “client” mode, as hostname + verification in TCP output was not being performed when the + ssl_verification_mode => full was set. +cvss_v3: 6.5 +patched_versions: + - "~> 6.2.2" + - ">= 7.0.1" +related: + url: + - https://nvd.nist.gov/vuln/detail/CVE-2025-37730 + - https://rubygems.org/gems/logstash-output-tcp/versions/7.0.1 + - https://rubygems.org/gems/logstash-output-tcp/versions/6.2.2 + - https://github.com/logstash-plugins/logstash-output-tcp/blob/main/CHANGELOG.md#701 + - https://github.com/logstash-plugins/logstash-output-tcp/pull/61 + - https://github.com/logstash-plugins/logstash-output-tcp/commit/e32bd16a1d96cd0bc821fa4b93149934050f4040 + - https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869 + - https://github.com/advisories/GHSA-qrf7-ph5v-mj2v +notes: | + - GHSA is unreviewed. + - Used cvss_v3 and date from nvs.nist.gov URL. + - Above discuss URL says "Alternatively, users may also + upgrade the TCP output plugin to 6.2.2 or 7.0.1 by running + bin/logstash-plugin update logstash-output-tcp."