CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-MPFM-FPGX-647Q
Vulnerability from github – Published: 2026-04-29 20:33 – Updated: 2026-05-14 20:39Impact
Configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks.
Patches
The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.11.4"
},
"package": {
"ecosystem": "PyPI",
"name": "ckan"
},
"ranges": [
{
"events": [
{
"introduced": "2.11.0"
},
{
"fixed": "2.11.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ckan"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.10.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41132"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-29T20:33:20Z",
"nvd_published_at": "2026-05-13T19:17:21Z",
"severity": "MODERATE"
},
"details": "### Impact\nConfigured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks.\n\n### Patches\nThe vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5",
"id": "GHSA-mpfm-fpgx-647q",
"modified": "2026-05-14T20:39:37Z",
"published": "2026-04-29T20:33:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ckan/ckan/security/advisories/GHSA-mpfm-fpgx-647q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41132"
},
{
"type": "WEB",
"url": "https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29"
},
{
"type": "WEB",
"url": "https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29"
},
{
"type": "PACKAGE",
"url": "https://github.com/ckan/ckan"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "CKAN has no certificate validation on STMP connection"
}
GHSA-MPVX-WHPP-99XJ
Vulnerability from github – Published: 2024-07-31 21:32 – Updated: 2025-03-19 15:35Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mickael-kerjean/filestash"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-41256"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-02T16:40:57Z",
"nvd_published_at": "2024-07-31T21:15:18Z",
"severity": "HIGH"
},
"details": "Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack.",
"id": "GHSA-mpvx-whpp-99xj",
"modified": "2025-03-19T15:35:13Z",
"published": "2024-07-31T21:32:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41256"
},
{
"type": "WEB",
"url": "https://github.com/mickael-kerjean/filestash/issues/709"
},
{
"type": "WEB",
"url": "https://gist.github.com/nyxfqq/a6da3fe6128b978ea1aaa5df639d5f98"
},
{
"type": "PACKAGE",
"url": "https://github.com/mickael-kerjean/filestash"
},
{
"type": "WEB",
"url": "https://github.com/mickael-kerjean/filestash/blob/master/server/model/share.go#L132"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-3035"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Filestash skips TLS certificate verification process when sending out email verification codes"
}
GHSA-MQFH-36P4-43QX
Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-06 00:00When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.
{
"affected": [],
"aliases": [
"CVE-2022-1805"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-28T15:15:00Z",
"severity": "HIGH"
},
"details": "When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.",
"id": "GHSA-mqfh-36p4-43qx",
"modified": "2022-08-06T00:00:54Z",
"published": "2022-07-29T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1805"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_6545906-6545930-16/hpsbhf03794"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQJV-J25Q-VX8X
Vulnerability from github – Published: 2024-04-23 21:30 – Updated: 2024-04-23 21:30A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-261789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-4063"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-23T19:15:46Z",
"severity": "LOW"
},
"details": "A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-261789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-mqjv-j25q-vx8x",
"modified": "2024-04-23T21:30:33Z",
"published": "2024-04-23T21:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4063"
},
{
"type": "WEB",
"url": "https://github.com/kzLiu2017/CVE_Document/blob/main/CVE_%20advisory_ezviz.pdf"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.261789"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.261789"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.316408"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MQV2-J79J-4GQF
Vulnerability from github – Published: 2021-11-19 00:00 – Updated: 2024-02-27 18:44Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions.
{
"affected": [],
"aliases": [
"CVE-2021-23155"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-296"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-18T18:15:00Z",
"severity": "MODERATE"
},
"details": "Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions.",
"id": "GHSA-mqv2-j79j-4gqf",
"modified": "2024-02-27T18:44:57Z",
"published": "2021-11-19T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23155"
},
{
"type": "WEB",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23155"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MQVW-JFMH-93QQ
Vulnerability from github – Published: 2026-04-28 00:31 – Updated: 2026-05-06 19:01Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra.
Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); Cassandra SSL auto-configuration. Versions that are no longer supported are also affected per vendor advisory.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0"
},
{
"fixed": "3.5.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"last_affected": "3.4.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"last_affected": "3.3.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot-cassandra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.7.32"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40974"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T19:01:23Z",
"nvd_published_at": "2026-04-28T00:16:24Z",
"severity": "MODERATE"
},
"details": "Spring Boot\u0027s Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); Cassandra SSL auto-configuration. Versions that are no longer supported are also affected per vendor advisory.",
"id": "GHSA-mqvw-jfmh-93qq",
"modified": "2026-05-06T19:01:23Z",
"published": "2026-04-28T00:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40974"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-boot"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2026-40974"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Spring Boot\u0027s Cassandra SSL auto-configuration disables TLS hostname verification"
}
GHSA-MRRQ-63XH-FCCM
Vulnerability from github – Published: 2025-02-10 21:31 – Updated: 2025-03-03 18:31MicroDicom DICOM Viewer version 2024.03
fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.
{
"affected": [],
"aliases": [
"CVE-2025-1002"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-10T21:15:21Z",
"severity": "MODERATE"
},
"details": "MicroDicom DICOM Viewer\u00a0version 2024.03\n\nfails to adequately verify the update server\u0027s certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server\u0027s response and deliver a malicious update to the user.",
"id": "GHSA-mrrq-63xh-fccm",
"modified": "2025-03-03T18:31:23Z",
"published": "2025-02-10T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1002"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-037-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MV8M-2W22-FQHX
Vulnerability from github – Published: 2022-07-21 00:00 – Updated: 2022-07-27 00:00IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015.
{
"affected": [],
"aliases": [
"CVE-2021-29755"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-20T18:15:00Z",
"severity": "HIGH"
},
"details": "IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015.",
"id": "GHSA-mv8m-2w22-fqhx",
"modified": "2022-07-27T00:00:46Z",
"published": "2022-07-21T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29755"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202015"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6605431"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MWGC-XRWW-2CRJ
Vulnerability from github – Published: 2026-07-17 15:32 – Updated: 2026-07-17 18:31Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled.
The default user agent is initialised with SSL_verify_mode explicitly disabled.
An attacker with network man-in-the-middle (MITM) capability between the Dancer application and googleapis.com can intercept the OAuth2 token exchange and userinfo fetch, return a forged access_token and user profile, and be logged in to the Dancer application as any Google user.
{
"affected": [],
"aliases": [
"CVE-2026-13410"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-17T13:17:56Z",
"severity": "HIGH"
},
"details": "Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled.\n\nThe default user agent is initialised with SSL_verify_mode explicitly disabled.\n\nAn attacker with network man-in-the-middle (MITM) capability between the Dancer application and googleapis.com can intercept the OAuth2 token exchange and userinfo fetch, return a forged access_token and user profile, and be logged in to the Dancer application as any Google user.",
"id": "GHSA-mwgc-xrww-2crj",
"modified": "2026-07-17T18:31:24Z",
"published": "2026-07-17T15:32:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13410"
},
{
"type": "WEB",
"url": "https://github.com/garu/Dancer-Plugin-Auth-Google/pull/5"
},
{
"type": "WEB",
"url": "https://metacpan.org/pod/Furl#HTTPS-requests-claims-warnings!"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/patches/D/Dancer-Plugin-Auth-Google/0.07/CVE-2026-13410-r1.patch"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/17/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MX47-H5FV-GHWH
Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-01 05:52light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.networknt:light-oauth2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.27"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-31580"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-27T19:12:00Z",
"nvd_published_at": "2023-10-25T18:17:27Z",
"severity": "MODERATE"
},
"details": "light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.",
"id": "GHSA-mx47-h5fv-ghwh",
"modified": "2023-11-01T05:52:23Z",
"published": "2023-10-25T18:32:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31580"
},
{
"type": "WEB",
"url": "https://github.com/networknt/light-oauth2/issues/369"
},
{
"type": "WEB",
"url": "https://github.com/KANIXB/JWTIssues/blob/main/Certification%20Verification%20issue%20in%20light-oauth2.md"
},
{
"type": "PACKAGE",
"url": "https://github.com/networknt/light-oauth2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "light-oauth2 missing public key verification"
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.