Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1905 vulnerabilities reference this CWE, most recent first.

GHSA-V8QH-5C5W-48PP

Vulnerability from github – Published: 2025-05-22 15:34 – Updated: 2025-05-22 18:31
VLAI
Details

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.

Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use.

A copy & paste error during minor refactoring of the code introduced this issue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate should be trusted only for the purpose of authenticating TLS servers but not for CMS signature verification and the CMS signature verification is intended to be marked as rejected with the -addreject option, the resulting CA certificate will be trusted for CMS signature verification purpose instead.

Only users which use the trusted certificate format who use the openssl x509 command line application to add rejected uses are affected by this issue. The issues affecting only the command line application are considered to be Low severity.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

OpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-22T14:16:07Z",
    "severity": "MODERATE"
  },
  "details": "Issue summary: Use of -addreject option with the openssl x509 application adds\na trusted use instead of a rejected use for a certificate.\n\nImpact summary: If a user intends to make a trusted certificate rejected for\na particular use it will be instead marked as trusted for that use.\n\nA copy \u0026 paste error during minor refactoring of the code introduced this\nissue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate\nshould be trusted only for the purpose of authenticating TLS servers but not\nfor CMS signature verification and the CMS signature verification is intended\nto be marked as rejected with the -addreject option, the resulting CA\ncertificate will be trusted for CMS signature verification purpose instead.\n\nOnly users which use the trusted certificate format who use the openssl x509\ncommand line application to add rejected uses are affected by this issue.\nThe issues affecting only the command line application are considered to\nbe Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue.\n\nOpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this\nissue.",
  "id": "GHSA-v8qh-5c5w-48pp",
  "modified": "2025-05-22T18:31:15Z",
  "published": "2025-05-22T15:34:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4575"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa"
    },
    {
      "type": "WEB",
      "url": "https://openssl-library.org/news/secadv/20250522.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/05/22/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V8RR-9CWW-2334

Vulnerability from github – Published: 2023-02-16 18:30 – Updated: 2023-02-27 18:32
VLAI
Details

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27890"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution.",
  "id": "GHSA-v8rr-9cww-2334",
  "modified": "2023-02-27T18:32:02Z",
  "published": "2023-02-16T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27890"
    },
    {
      "type": "WEB",
      "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-15.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V95X-XHQ5-4929

Vulnerability from github – Published: 2026-07-16 19:12 – Updated: 2026-07-16 19:12
VLAI
Summary
kumactl connects to control plane without verifying TLS certificate when no CA is configured
Details

When an operator adds an HTTPS control plane profile to kumactl without providing a CA certificate, kumactl disables TLS verification and sends API tokens over the unverified connection

Impact

An attacker on the network path between the operator and the control plane can intercept user or admin API tokens and then act against the control plane as that user

Affected configurations

  • kumactl profiles manually added against an HTTPS control plane endpoint without --ca-cert-file

Not affected

  • The default local profile, which uses plain HTTP

Workarounds

When adding an HTTPS control plane profile to kumactl, always pass --ca-cert-file pointing at the control plane's serving CA. Alternatively, terminate the control plane behind a publicly trusted certificate; the patched releases will verify successfully against the operating system trust store with no further configuration

Resources

  • Fix: https://github.com/kumahq/kuma/pull/16777
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.26"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.9.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.11.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.12.0"
            },
            {
              "fixed": "2.12.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.13.0"
            },
            {
              "fixed": "2.13.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kumahq/kuma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-16T19:12:08Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "When an operator adds an HTTPS control plane profile to `kumactl` without providing a CA certificate, `kumactl` disables TLS verification and sends API tokens over the unverified connection\n\n## Impact\n\nAn attacker on the network path between the operator and the control plane can intercept user or admin API tokens and then act against the control plane as that user\n\n## Affected configurations\n\n- `kumactl` profiles manually added against an HTTPS control plane endpoint without `--ca-cert-file`\n\n## Not affected\n\n- The default local profile, which uses plain HTTP\n\n## Workarounds\n\nWhen adding an HTTPS control plane profile to `kumactl`, always pass `--ca-cert-file` pointing at the control plane\u0027s serving CA. Alternatively, terminate the control plane behind a publicly trusted certificate; the patched releases will verify successfully against the operating system trust store with no further configuration\n\n## Resources\n\n- Fix: https://github.com/kumahq/kuma/pull/16777",
  "id": "GHSA-v95x-xhq5-4929",
  "modified": "2026-07-16T19:12:08Z",
  "published": "2026-07-16T19:12:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/security/advisories/GHSA-v95x-xhq5-4929"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/pull/16777"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kumahq/kuma/commit/2ecadac1aa2fd8cded4c2ab768949f4c2ec83e2a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kumahq/kuma"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "kumactl connects to control plane without verifying TLS certificate when no CA is configured"
}

GHSA-V98W-P8F7-9QQF

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2024-10-22 18:31
VLAI
Details

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-4000"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-21T00:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",
  "id": "GHSA-v98w-p8f7-9qqf",
  "modified": "2024-10-22T18:31:59Z",
  "published": "2022-05-13T01:07:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4000"
    },
    {
      "type": "WEB",
      "url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
    },
    {
      "type": "WEB",
      "url": "https://openssl.org/news/secadv/20150611.txt"
    },
    {
      "type": "WEB",
      "url": "https://puppet.com/security/cve/CVE-2015-4000"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201506-02"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201512-10"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201603-11"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-46"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20150619-0001"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX216642"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
    },
    {
      "type": "WEB",
      "url": "https://weakdh.org"
    },
    {
      "type": "WEB",
      "url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
    },
    {
      "type": "WEB",
      "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv_20150611.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa98"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "type": "WEB",
      "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
    },
    {
      "type": "WEB",
      "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
    },
    {
      "type": "WEB",
      "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
    },
    {
      "type": "WEB",
      "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
    },
    {
      "type": "WEB",
      "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
    },
    {
      "type": "WEB",
      "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2015/05/20/8"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT204941"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT204942"
    },
    {
      "type": "WEB",
      "url": "http://support.citrix.com/article/CTX201114"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
    },
    {
      "type": "WEB",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
    },
    {
      "type": "WEB",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
    },
    {
      "type": "WEB",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
    },
    {
      "type": "WEB",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
    },
    {
      "type": "WEB",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
    },
    {
      "type": "WEB",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
    },
    {
      "type": "WEB",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
    },
    {
      "type": "WEB",
      "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3287"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3300"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3316"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3324"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3339"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3688"
    },
    {
      "type": "WEB",
      "url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74733"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91787"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032474"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032475"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032476"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032637"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032645"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032647"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032648"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032649"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032650"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032651"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032652"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032653"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032654"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032655"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032656"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032688"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032699"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032702"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032727"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032759"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032777"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032778"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032783"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032784"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032856"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032864"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032865"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032871"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032884"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032910"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032932"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032960"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033019"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033064"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033065"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033067"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033208"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033209"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033210"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033222"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033341"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033385"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033416"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033430"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033433"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033513"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033760"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033891"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033991"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034087"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034728"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034884"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036218"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040630"
    },
    {
      "type": "WEB",
      "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2656-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2656-2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2673-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2696-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2706-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VC62-M272-7VG5

Vulnerability from github – Published: 2022-05-14 03:27 – Updated: 2022-05-14 03:27
VLAI
Details

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-03T06:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"APNs\" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.",
  "id": "GHSA-vc62-m272-7vg5",
  "modified": "2022-05-14T03:27:08Z",
  "published": "2022-05-14T03:27:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13863"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208112"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VCGJ-J8C5-2H52

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2024-01-30 22:46
VLAI
Summary
Jenkins Active Directory Plugin did not verify certificate of AD server
Details

It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:active-directory"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-2649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T22:46:41Z",
    "nvd_published_at": "2018-07-27T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.",
  "id": "GHSA-vcgj-j8c5-2h52",
  "modified": "2024-01-30T22:46:41Z",
  "published": "2022-05-13T01:36:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2649"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2017-03-20"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96986"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Active Directory Plugin did not verify certificate of AD server"
}

GHSA-VCRQ-9J44-R9J2

Vulnerability from github – Published: 2022-05-14 01:36 – Updated: 2022-05-14 01:36
VLAI
Details

An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19982"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-09T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP \u003e Server \u003e Controller (HUB) \u003e Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server\u0027s fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.",
  "id": "GHSA-vcrq-9j44-r9j2",
  "modified": "2022-05-14T01:36:14Z",
  "published": "2022-05-14T01:36:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19982"
    },
    {
      "type": "WEB",
      "url": "https://github.com/min1233/CVE/blob/master/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VCVX-R925-7VH9

Vulnerability from github – Published: 2023-12-06 09:30 – Updated: 2023-12-12 18:31
VLAI
Details

Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-06T09:15:08Z",
    "severity": "HIGH"
  },
  "details": "Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.",
  "id": "GHSA-vcvx-r925-7vh9",
  "modified": "2023-12-12T18:31:31Z",
  "published": "2023-12-06T09:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49247"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/12"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202312-0000001758430245"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VCX9-7PCC-Q8C7

Vulnerability from github – Published: 2023-04-15 00:30 – Updated: 2024-04-04 03:28
VLAI
Details

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-15T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named \"public\" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.",
  "id": "GHSA-vcx9-7pcc-q8c7",
  "modified": "2024-04-04T03:28:53Z",
  "published": "2023-04-15T00:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26463"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strongswan/strongswan/releases"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230517-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VF2W-CQ9R-CWVW

Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-04-05 00:01
VLAI
Details

Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889.",
  "id": "GHSA-vf2w-cq9r-cwvw",
  "modified": "2022-04-05T00:01:16Z",
  "published": "2021-12-16T00:01:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43882"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43882"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1553"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.