Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1903 vulnerabilities reference this CWE, most recent first.

GHSA-W3J6-8J34-Q43X

Vulnerability from github – Published: 2022-05-17 05:39 – Updated: 2024-09-13 14:18
VLAI
Summary
Apache Libcloud does not verify SSL certificates for HTTPS connections
Details

libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. This is due to an upstream issue with python's SSL module rather than directly with libcloud.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-libcloud"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2010-4340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-23T20:59:34Z",
    "nvd_published_at": "2011-09-12T12:41:00Z",
    "severity": "HIGH"
  },
  "details": "libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. This is due to an upstream issue with python\u0027s SSL module rather than directly with libcloud.",
  "id": "GHSA-w3j6-8j34-q43x",
  "modified": "2024-09-13T14:18:40Z",
  "published": "2022-05-17T05:39:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4340"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/libcloud/commit/87ee61e6ba03a43dcefea2ce180988bec066b6fd"
    },
    {
      "type": "WEB",
      "url": "https://bugs.python.org/issue1589"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/libcloud"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-libcloud/PYSEC-2011-24.yaml"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
    },
    {
      "type": "WEB",
      "url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E"
    },
    {
      "type": "WEB",
      "url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
    },
    {
      "type": "WEB",
      "url": "http://wiki.apache.org/incubator/LibcloudSSL"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Libcloud does not verify SSL certificates for HTTPS connections"
}

GHSA-W3W5-RFWV-898Q

Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30
VLAI
Details

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32745"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-22T14:16:24Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerFlex Manager, version(s) \u003c=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.",
  "id": "GHSA-w3w5-rfwv-898q",
  "modified": "2026-05-26T13:30:16Z",
  "published": "2026-05-26T13:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32745"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W45J-F832-HXVH

Vulnerability from github – Published: 2022-05-25 19:26 – Updated: 2023-08-29 23:28
VLAI
Summary
Pion/DLTS Accepts Client Certificates Without CertificateVerify
Details

Impact

A DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it.

This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to v2.1.5

Patches

Upgrade to Pion DTLS v2.1.5

Workarounds

No workarounds available, upgrade to Pion DTLS v2.1.5

References

Thank you to Juho Nurminen and the Mattermost team for discovering and reporting this.

For more information

If you have any questions or comments about this advisory: * Open an issue in Pion DTLS * Email us at team@pion.ly

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/pion/dtls"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/pion/dtls/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-25T19:26:09Z",
    "nvd_published_at": "2022-05-21T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA DTLS Client could provide a Certificate that it doesn\u0027t posses the private key for and Pion DTLS wouldn\u0027t reject it. \n\nThis issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can\u0027t be trusted when using a Pion DTLS server prior to v2.1.5\n\n### Patches\nUpgrade to Pion DTLS v2.1.5\n\n### Workarounds\nNo workarounds available, upgrade to Pion DTLS v2.1.5\n\n### References\nThank you to [Juho Nurminen](https://github.com/jupenur) and the Mattermost team for discovering and reporting this. \n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Pion DTLS](http://github.com/pion/dtls)\n* Email us at [team@pion.ly](mailto:team@pion.ly)",
  "id": "GHSA-w45j-f832-hxvh",
  "modified": "2023-08-29T23:28:42Z",
  "published": "2022-05-25T19:26:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29222"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pion/dtls/releases/tag/v2.1.5"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0462"
    },
    {
      "type": "PACKAGE",
      "url": "github.com/pion/dtls"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Pion/DLTS Accepts Client Certificates Without CertificateVerify"
}

GHSA-W48X-694X-M8Q8

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2024-04-04 02:51
VLAI
Details

The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-26T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.",
  "id": "GHSA-w48x-694x-m8q8",
  "modified": "2024-04-04T02:51:13Z",
  "published": "2022-05-24T17:18:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13616"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pichi-router/pichi/commit/4698664233bc324f26658d2b041bfe6ea022c573"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pichi-router/pichi/releases/tag/1.3.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W496-Q2JP-3QX5

Vulnerability from github – Published: 2022-09-15 00:00 – Updated: 2022-09-17 00:00
VLAI
Details

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one or multiple dnsNames. These are validated properly in the ACME challenge. However, if the validation passes, a non-compliant client can include additional dnsNames the CSR sent to the finalize endpoint, resulting in EJBCA issuing a certificate including the identifiers that were not validated. This occurs even if the certificate profile is configured to not allow a DN override by the CSR.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34831"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-14T03:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one or multiple dnsNames. These are validated properly in the ACME challenge. However, if the validation passes, a non-compliant client can include additional dnsNames the CSR sent to the finalize endpoint, resulting in EJBCA issuing a certificate including the identifiers that were not validated. This occurs even if the certificate profile is configured to not allow a DN override by the CSR.",
  "id": "GHSA-w496-q2jp-3qx5",
  "modified": "2022-09-17T00:00:31Z",
  "published": "2022-09-15T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34831"
    },
    {
      "type": "WEB",
      "url": "https://support.keyfactor.com/s/detail/a6x1Q000000CwC5QAK"
    },
    {
      "type": "WEB",
      "url": "https://www.primekey.com/products/ejbca-enterprise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W4G2-9HJ6-5472

Vulnerability from github – Published: 2018-10-18 18:06 – Updated: 2021-09-20 22:35
VLAI
Summary
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Details

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.amqp:spring-amqp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.amqp:spring-amqp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.rabbitmq:amqp-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.rabbitmq:amqp-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-11087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:59:27Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.",
  "id": "GHSA-w4g2-9hj6-5472",
  "modified": "2021-09-20T22:35:57Z",
  "published": "2018-10-18T18:06:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11087"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-w4g2-9hj6-5472"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2018-11087"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp"
}

GHSA-W4VM-8M9W-5QWM

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-07-28 00:00
VLAI
Details

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-25T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.",
  "id": "GHSA-w4vm-8m9w-5qwm",
  "modified": "2022-07-28T00:00:47Z",
  "published": "2022-05-24T17:26:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16197"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OctopusDeploy/Issues/issues/6529"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OctopusDeploy/Issues/issues/6530"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OctopusDeploy/Issues/issues/6531"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W589-R335-4F55

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2024-10-26 22:49
VLAI
Summary
SaltStack Salt Improper Certificate Validation
Details

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2015.8.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.3.0"
            },
            {
              "fixed": "2016.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.11.7"
            },
            {
              "fixed": "2016.11.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2017.5.0"
            },
            {
              "fixed": "2017.7.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2018.2.0"
            },
            {
              "last_affected": "2018.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2019.2.0"
            },
            {
              "fixed": "2019.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3000"
            },
            {
              "fixed": "3000.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3001"
            },
            {
              "fixed": "3001.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3002"
            },
            {
              "fixed": "3002.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-28972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-22T21:17:21Z",
    "nvd_published_at": "2021-02-27T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the `vmware.py` files) does not always validate the SSL/TLS certificate.",
  "id": "GHSA-w589-r335-4f55",
  "modified": "2024-10-26T22:49:11Z",
  "published": "2022-05-24T17:43:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28972"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5011"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-22"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202103-01"
    },
    {
      "type": "WEB",
      "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2358"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/saltstack/salt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-74.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SaltStack Salt Improper Certificate Validation"
}

GHSA-W5FC-H82J-VQ6W

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28
VLAI
Details

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-8019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-31T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.",
  "id": "GHSA-w5fc-h82j-vq6w",
  "modified": "2022-05-13T01:28:42Z",
  "published": "2022-05-13T01:28:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8019"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2469"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2470"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104936"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041507"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W5FP-2J8V-X63M

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39
VLAI
Details

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-20T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests.\n These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device.\n For more information about these vulnerabilities, see the Details section of this advisory.\n ",
  "id": "GHSA-w5fp-2j8v-x63m",
  "modified": "2022-05-24T17:39:39Z",
  "published": "2022-05-24T17:39:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1276"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.