Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-QRMW-H7G2-7VJJ

Vulnerability from github – Published: 2022-05-14 03:32 – Updated: 2022-05-14 03:32
VLAI
Details

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-8059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-11T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used.",
  "id": "GHSA-qrmw-h7g2-7vjj",
  "modified": "2022-05-14T03:32:24Z",
  "published": "2022-05-14T03:32:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8059"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140144"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2018/03/07/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVH7-2QRG-6V75

Vulnerability from github – Published: 2022-05-24 21:59 – Updated: 2024-03-21 03:33
VLAI
Details

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-18T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.",
  "id": "GHSA-qvh7-2qrg-6v75",
  "modified": "2024-03-21T03:33:35Z",
  "published": "2022-05-24T21:59:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20200"
    },
    {
      "type": "WEB",
      "url": "https://github.com/square/okhttp/issues/4967"
    },
    {
      "type": "WEB",
      "url": "https://square.github.io/okhttp/3.x/okhttp"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfd1eed12ba2a5dff37229edd60fc84a25517815d848994146a15af91@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfd1eed12ba2a5dff37229edd60fc84a25517815d848994146a15af91%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/recce57e195fbdd856dcf1933c136a8a66d7b02e05e3580f44d75a640@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/recce57e195fbdd856dcf1933c136a8a66d7b02e05e3580f44d75a640%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc436d58531754ac8fe20340044566518ea4dce66aeff9193356a225d@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc436d58531754ac8fe20340044566518ea4dce66aeff9193356a225d%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r78bfce980843be61a55615a7680bbf7ac751a9b3515231eab2d32068@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r78bfce980843be61a55615a7680bbf7ac751a9b3515231eab2d32068%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r71100f23778d72fbd8be8baa6baffc159b9c4f3fae3db4826bdc8ab8@%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r71100f23778d72fbd8be8baa6baffc159b9c4f3fae3db4826bdc8ab8%40%3Cissues.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a@%3Cuser.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a%40%3Cuser.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://github.com/square/okhttp/releases"
    },
    {
      "type": "WEB",
      "url": "https://github.com/square/okhttp/commits/master"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2018120252"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVPR-VQ7H-28CR

Vulnerability from github – Published: 2026-02-13 09:30 – Updated: 2026-02-13 09:30
VLAI
Details

Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-13T09:16:07Z",
    "severity": "LOW"
  },
  "details": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.",
  "id": "GHSA-qvpr-vq7h-28cr",
  "modified": "2026-02-13T09:30:15Z",
  "published": "2026-02-13T09:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0872"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.thalesgroup.com/csm?sys_kb_id=247fd4a42b4a7290061af3f5f291bff1\u0026id=kb_article_view\u0026sysparm_rank=1\u0026sysparm_tsqueryId=5ecb72c73b927610381ecfaf55e45a0b\u0026sysparm_article=KB0030173"
    },
    {
      "type": "WEB",
      "url": "https://thalesdocs.com/sta/agents/wla-windows_logon/wla-preinstallation_passwordless/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QVRQ-RVH5-V2X2

Vulnerability from github – Published: 2023-02-28 03:30 – Updated: 2023-03-08 18:30
VLAI
Details

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4895"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-28T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.",
  "id": "GHSA-qvrq-rvh5-v2x2",
  "modified": "2023-03-08T18:30:24Z",
  "published": "2023-02-28T03:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4895"
    },
    {
      "type": "WEB",
      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-105/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QWFW-GGXW-577C

Vulnerability from github – Published: 2026-05-08 17:08 – Updated: 2026-05-15 23:46
VLAI
Summary
ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
Details

Summary

Missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps.

Details

ex_webrtc validates the DTLS peer's certificate fingerprint against the value advertised in the SDP offer/answer when acting as the DTLS server (passive role). When acting as the DTLS client (active role) -- the default when answering a remote offer with a=setup:actpass, which is what browsers always send -- the fingerprint check was skipped on the handshake-completion code path that returns no outgoing packets. This is the most common deployment mode (e.g., an SFU or media server answering a browser's offer).

All released versions prior to 0.15.1 and 0.16.1 are affected. No backports to older lines are planned -- users should upgrade to 0.15.1 or 0.16.1.

Impact

The bug eliminates one half of WebRTC's mutual DTLS authentication. The security of the media and data-channel encryption then rests entirely on the remote peer's fingerprint check.

On its own, the bug does not allow:

  • Passive eavesdropping on SRTP media.
  • A network-positioned attacker to intercept media against a standards-compliant browser peer over a TLS-protected signalling channel -- the browser's fingerprint check prevents the second leg of the MITM from succeeding.

The bug does enable a full MITM on media and data channels when combined with any of:

  • Insecure signalling (HTTP / plain WebSocket) allowing SDP rewrite in transit.
  • A compromised or malicious signalling server.
  • A peer implementation with a similar fingerprint-validation gap.

Both audio/video media (SRTP) and data channels (SCTP-over-DTLS) are affected.

Patches

  • 0.15.1 (for the 0.15.x line)
  • 0.16.1 (for the 0.16.x line)

Workarounds

None. Upgrade is required.

Resources

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Hex",
        "name": "ex_webrtc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.15.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Hex",
        "name": "ex_webrtc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.16.0"
            },
            {
              "fixed": "0.16.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.16.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T17:08:18Z",
    "nvd_published_at": "2026-05-14T21:16:47Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nMissing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC\u0027s mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps.\n\n### Details\n`ex_webrtc` validates the DTLS peer\u0027s certificate fingerprint against the value advertised in the SDP offer/answer when acting as the DTLS server (passive role). When acting as the DTLS client (active role) -- the default when answering a remote offer with `a=setup:actpass`, which is what browsers always send -- the fingerprint check was skipped on the handshake-completion code path that returns no outgoing packets. This is the most common deployment mode (e.g., an SFU or media server answering a browser\u0027s offer).\n\nAll released versions prior to 0.15.1 and 0.16.1 are affected. No backports to older lines are planned -- users should upgrade to 0.15.1 or 0.16.1.\n\n### Impact\nThe bug eliminates one half of WebRTC\u0027s mutual DTLS authentication. The security of the media and data-channel encryption then rests entirely on the remote peer\u0027s fingerprint check.\n\nOn its own, the bug does **not** allow:\n\n- Passive eavesdropping on SRTP media.\n- A network-positioned attacker to intercept media against a standards-compliant browser peer over a TLS-protected signalling channel -- the browser\u0027s fingerprint check prevents the second leg of the MITM from succeeding.\n\nThe bug **does** enable a full MITM on media and data channels when combined with any of:\n\n- Insecure signalling (HTTP / plain WebSocket) allowing SDP rewrite in transit.\n- A compromised or malicious signalling server.\n- A peer implementation with a similar fingerprint-validation gap.\n\nBoth audio/video media (SRTP) and data channels (SCTP-over-DTLS) are affected.\n\n### Patches\n- `0.15.1` (for the 0.15.x line)\n- `0.16.1` (for the 0.16.x line)\n\n### Workarounds\nNone. Upgrade is required.\n\n### Resources\n- [Issue](https://github.com/elixir-webrtc/ex_webrtc/issues/249)\n- [PR](https://github.com/elixir-webrtc/ex_webrtc/pull/250)\n- [Release 0.15.1](https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1)\n- [Release 0.16.1](https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1)",
  "id": "GHSA-qwfw-ggxw-577c",
  "modified": "2026-05-15T23:46:08Z",
  "published": "2026-05-08T17:08:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/security/advisories/GHSA-qwfw-ggxw-577c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44700"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/issues/249"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/pull/250"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/commit/658c63221a869fb12bb9989599c3688751b0531b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elixir-webrtc/ex_webrtc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.15.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/elixir-webrtc/ex_webrtc/releases/tag/v0.16.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ex_webrtc client-role handshake is missing DTLS peer fingerprint validation"
}

GHSA-QX72-Q6W3-QGC7

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2024-10-22 16:47
VLAI
Summary
SaltStack Salt Improper SSL Certificate Validation
Details

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2015.8.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.3.0"
            },
            {
              "fixed": "2016.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.11.7"
            },
            {
              "fixed": "2016.11.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2017.5.0"
            },
            {
              "fixed": "2017.7.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2018.2.0"
            },
            {
              "last_affected": "2018.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2019.2.0"
            },
            {
              "fixed": "2019.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3000"
            },
            {
              "fixed": "3000.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3001"
            },
            {
              "fixed": "3001.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3002"
            },
            {
              "fixed": "3002.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-22T21:17:17Z",
    "nvd_published_at": "2021-02-27T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.",
  "id": "GHSA-qx72-q6w3-qgc7",
  "modified": "2024-10-22T16:47:40Z",
  "published": "2022-05-24T17:43:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35662"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5011"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-22"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202103-01"
    },
    {
      "type": "WEB",
      "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L18"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L18"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L18"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/saltstack/salt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-75.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SaltStack Salt Improper SSL Certificate Validation"
}

GHSA-QX9F-2875-GHVF

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:14
VLAI
Details

Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5506"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-09T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks.",
  "id": "GHSA-qx9f-2875-ghvf",
  "modified": "2024-04-04T02:14:49Z",
  "published": "2022-05-24T16:58:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5506"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191009-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXF6-787J-FC5G

Vulnerability from github – Published: 2024-02-07 18:30 – Updated: 2024-02-07 18:30
VLAI
Details

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-47700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-07T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server.  This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data.  IBM X-Force ID:  271016.",
  "id": "GHSA-qxf6-787j-fc5g",
  "modified": "2024-02-07T18:30:27Z",
  "published": "2024-02-07T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47700"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7114767"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXP6-M9JG-58RW

Vulnerability from github – Published: 2023-10-16 09:30 – Updated: 2024-04-04 08:40
VLAI
Details

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies all necessary security requirements.

This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.

This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-16T09:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\n\nThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\n\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n",
  "id": "GHSA-qxp6-m9jg-58rw",
  "modified": "2024-04-04T08:40:15Z",
  "published": "2023-10-16T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5422"
    },
    {
      "type": "WEB",
      "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R232-JMQM-J6G6

Vulnerability from github – Published: 2024-09-27 09:30 – Updated: 2024-12-11 03:31
VLAI
Details

Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-27T09:15:02Z",
    "severity": "MODERATE"
  },
  "details": "Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.",
  "id": "GHSA-r232-jmqm-j6g6",
  "modified": "2024-12-11T03:31:58Z",
  "published": "2024-09-27T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38861"
    },
    {
      "type": "WEB",
      "url": "https://exchange.checkmk.com/p/mikrotik"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.