CVSS v3.x: 7.4 (High)
- >= 2.9.0
A TLS certificate validation flaw was found in Elastic APM agent for
Ruby versions before 2.9.0. When specifying a trusted server CA certificate via
server_ca_cert setting, the Ruby agent would not properly verify the certificate
returned by the APM server. This could result in a man in the middle style attack
against the Ruby agent.