Impact
Because osquery does not correctly verify the TLS SNI hostname, it may be possible to present a valid certificate for a different TLS endpoint and, in the absence of a configured root chain of trust in osquery, MitM osquery traffic.
Patches
This was fixed in #6197
References
See the issue and discussion #6212
Impact
Because osquery does not correctly verify the TLS SNI hostname, it may be possible to present a valid certificate for a different TLS endpoint and, in the absence of a configured root chain of trust in osquery, MitM osquery traffic.
Patches
This was fixed in #6197
References
See the issue and discussion #6212