Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1903 vulnerabilities reference this CWE, most recent first.

GHSA-XM9F-FPH8-8369

Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2025-10-22 00:32
VLAI
Details

In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20963"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-24T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519",
  "id": "GHSA-xm9f-fph8-8369",
  "modified": "2025-10-22T00:32:43Z",
  "published": "2023-03-24T21:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20963"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-03-01"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20963"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMM7-85WH-J3JF

Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2022-09-01 00:00
VLAI
Details

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-25T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using \u0027trust\u0027 authentication with a \u0027clientcert\u0027 requirement or to use \u0027cert\u0027 authentication, a man-in-the-middle attacker can inject false responses to the client\u0027s first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.",
  "id": "GHSA-xmm7-85wh-j3jf",
  "modified": "2022-09-01T00:00:22Z",
  "published": "2022-08-26T00:03:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43767"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yandex/odyssey/issues/377,"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/support/security/CVE-2021-23222"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XMQV-PFW7-QMJ7

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2023-10-26 22:18
VLAI
Summary
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation
Details

CloudBees CD Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM during the deployment/publication of an application.

CloudBees CD Plugin no longer does that. Instead, the existing opt-in option to ignore SSL/TLS errors is used during deployment for the specific connection.

This issue was caused by an incomplete fix for SECURITY-937.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.1.6"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:electricflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-26T22:18:30Z",
    "nvd_published_at": "2019-06-11T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "CloudBees CD Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM during the deployment/publication of an application.\n\nCloudBees CD Plugin no longer does that. Instead, the existing opt-in option to ignore SSL/TLS errors is used during deployment for the specific connection.\n\nThis issue was caused by an incomplete fix for [SECURITY-937](https://www.jenkins.io/security/advisory/2019-02-19/#SECURITY-937).",
  "id": "GHSA-xmqv-pfw7-qmj7",
  "modified": "2023-10-26T22:18:30Z",
  "published": "2022-05-24T16:47:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10334"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/electricflow-plugin/commit/d0b807d5e2de07a90d902401bae033c2907b850a"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1411"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227033720/http://www.securityfocus.com/bid/108747"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/11/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation"
}

GHSA-XP29-43PM-7R9G

Vulnerability from github – Published: 2026-02-12 12:31 – Updated: 2026-02-12 15:32
VLAI
Details

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15573"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-12T11:15:47Z",
    "severity": "CRITICAL"
  },
  "details": "The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.",
  "id": "GHSA-xp29-43pm-7r9g",
  "modified": "2026-02-12T15:32:47Z",
  "published": "2026-02-12T12:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15573"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/solax"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XP43-GQWV-MMJP

Vulnerability from github – Published: 2022-05-14 01:15 – Updated: 2022-05-14 01:15
VLAI
Details

Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-21T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-xp43-gqwv-mmjp",
  "modified": "2022-05-14T01:15:47Z",
  "published": "2022-05-14T01:15:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8351"
    },
    {
      "type": "WEB",
      "url": "https://support.heimdalsecurity.com/hc/en-us/articles/360001084158-Release-2-5-172-PROD-Update"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XPH7-GHPX-JXPR

Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48
VLAI
Details

An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-13T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.",
  "id": "GHSA-xph7-ghpx-jxpr",
  "modified": "2022-05-13T01:48:47Z",
  "published": "2022-05-13T01:48:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10403"
    },
    {
      "type": "WEB",
      "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XPV9-P7VG-QHRC

Vulnerability from github – Published: 2026-06-26 00:32 – Updated: 2026-06-27 21:30
VLAI
Details

OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two serial numbers to be of equal length, so a SingleResponse for one certificate (same issuer) whose serial is a prefix of the target's serial would match, returning the wrong certificate's status. The fix requires the serial lengths to be equal before comparing the serial bytes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T22:16:59Z",
    "severity": "MODERATE"
  },
  "details": "OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two serial numbers to be of equal length, so a SingleResponse for one certificate (same issuer) whose serial is a prefix of the target\u0027s serial would match, returning the wrong certificate\u0027s status. The fix requires the serial lengths to be equal before comparing the serial bytes.",
  "id": "GHSA-xpv9-p7vg-qhrc",
  "modified": "2026-06-27T21:30:27Z",
  "published": "2026-06-26T00:32:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10098"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/pull/10554"
    },
    {
      "type": "WEB",
      "url": "https://www.wolfssl.com/docs/security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XQM3-JFJ9-8PF2

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2024-04-04 02:46
VLAI
Details

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-0294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-27T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.",
  "id": "GHSA-xqm3-jfj9-8pf2",
  "modified": "2024-04-04T02:46:56Z",
  "published": "2022-05-24T17:07:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0294"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3191"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XQW6-233F-6MQ4

Vulnerability from github – Published: 2022-05-14 03:16 – Updated: 2022-05-14 03:16
VLAI
Details

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4991"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-19T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass.",
  "id": "GHSA-xqw6-233f-6mq4",
  "modified": "2022-05-14T03:16:49Z",
  "published": "2022-05-14T03:16:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4991"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb18-12.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104103"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040860"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XR44-2PV4-GW8R

Vulnerability from github – Published: 2024-01-25 09:30 – Updated: 2024-01-31 21:31
VLAI
Details

SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-25T08:15:08Z",
    "severity": "MODERATE"
  },
  "details": "SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.",
  "id": "GHSA-xr44-2pv4-gw8r",
  "modified": "2024-01-31T21:31:03Z",
  "published": "2024-01-25T09:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33760"
    },
    {
      "type": "WEB",
      "url": "https://github.com/twignet/splicecom"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.