CVE-2023-31421

CVE-2023-31421 is a medium-severity vulnerability in Elastic Elastic Beats with a CVSS 3.x base score of 5.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-295.

Key facts

Description

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.

Frequently asked questions

What is CVE-2023-31421?
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.
How severe is CVE-2023-31421?
CVE-2023-31421 has a CVSS 3.x base score of 5.9, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
Is CVE-2023-31421 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (19th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2023-31421?
CVE-2023-31421 primarily affects Elastic Elastic Beats. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2023-31421?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2023-31421 published?
CVE-2023-31421 was published on 2023-10-26 and last updated on 2026-06-17.

References

Affected products (4)

More vulnerabilities in Elastic Elastic Beats

All CVEs affecting Elastic Elastic Beats →

Other CWE-295 (Improper Certificate Validation) vulnerabilities

Browse all CWE-295 (Improper Certificate Validation) vulnerabilities →