Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-JWRM-86H9-FVJ6

Vulnerability from github – Published: 2023-02-16 18:30 – Updated: 2023-02-27 15:30
VLAI
Details

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48306"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.",
  "id": "GHSA-jwrm-86h9-fvj6",
  "modified": "2023-02-27T15:30:22Z",
  "published": "2023-02-16T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48306"
    },
    {
      "type": "WEB",
      "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWV2-8X85-V883

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2025-04-20 03:36
VLAI
Details

Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-1148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-21T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.",
  "id": "GHSA-jwv2-8x85-v883",
  "modified": "2025-04-20T03:36:28Z",
  "published": "2022-05-13T01:25:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1148"
    },
    {
      "type": "WEB",
      "url": "https://akerun.com/2016-02-12-akerun-ios-app-security-update"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN22578691/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000019.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JXG7-CGHF-MGGX

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2023-03-03 23:10
VLAI
Summary
Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation
Details

VMware Lab Manager Slaves Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM.

As of publication of this advisory, there is no fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:labmanager"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-03T23:10:08Z",
    "nvd_published_at": "2019-08-07T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware Lab Manager Slaves Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM.\n\nAs of publication of this advisory, there is no fix.",
  "id": "GHSA-jxg7-cghf-mggx",
  "modified": "2023-03-03T23:10:08Z",
  "published": "2022-05-24T16:52:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10382"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1376"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation"
}

GHSA-JXQ2-J93Q-943X

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-12-26 03:30
VLAI
Details

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-19T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.",
  "id": "GHSA-jxq2-j93q-943x",
  "modified": "2022-12-26T03:30:21Z",
  "published": "2022-05-24T19:08:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36425"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ARMmbed/mbedtls/issues/3340"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ARMmbed/mbedtls/pull/3433"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/740108"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M23G-3PFX-M455

Vulnerability from github – Published: 2024-05-16 12:30 – Updated: 2024-05-16 12:30
VLAI
Details

In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-35299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-16T11:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation",
  "id": "GHSA-m23g-3pfx-m455",
  "modified": "2024-05-16T12:30:21Z",
  "published": "2024-05-16T12:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35299"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M272-RH3V-6HFM

Vulnerability from github – Published: 2026-04-28 09:34 – Updated: 2026-04-29 21:31
VLAI
Details

Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the attacker to achieve user-level remote code execution on the affected client.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10539"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-28T09:16:16Z",
    "severity": "MODERATE"
  },
  "details": "Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the attacker to achieve user-level remote code execution on the affected client.",
  "id": "GHSA-m272-rh3v-6hfm",
  "modified": "2026-04-29T21:31:24Z",
  "published": "2026-04-28T09:34:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10539"
    },
    {
      "type": "WEB",
      "url": "https://desktime.com/download"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/desktime"
    },
    {
      "type": "WEB",
      "url": "https://sec-consult.com/vulnerability-lab/advisory/missing-tls-certificate-validation-leading-to-rce-in-desktime-time-tracking-app"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2026/Apr/20"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2026/Apr/21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M277-PP25-MFHQ

Vulnerability from github – Published: 2022-05-14 03:00 – Updated: 2022-05-14 03:00
VLAI
Details

The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-02T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate.",
  "id": "GHSA-m277-pp25-mfhq",
  "modified": "2022-05-14T03:00:30Z",
  "published": "2022-05-14T03:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12499"
    },
    {
      "type": "WEB",
      "url": "https://blog.sean-wright.com/cve-2018-12499"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M35W-J7WJ-374V

Vulnerability from github – Published: 2023-06-13 12:30 – Updated: 2024-04-04 04:46
VLAI
Details

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T10:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.",
  "id": "GHSA-m35w-j7wj-374v",
  "modified": "2024-04-04T04:46:14Z",
  "published": "2023-06-13T12:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29501"
    },
    {
      "type": "WEB",
      "url": "https://apps.apple.com/jp/app/%E8%87%AA%E9%81%8A%E7%A9%BA%E9%96%93%E3%81%A8%E3%81%8F%E3%81%A8%E3%81%8F%E3%82%AF%E3%83%BC%E3%83%9D%E3%83%B3/id608149604"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN33836375"
    },
    {
      "type": "WEB",
      "url": "https://play.google.com/store/apps/details?id=jp.runsystem"
    },
    {
      "type": "WEB",
      "url": "https://www.runsystem.co.jp/g1-pr/17570"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M3HP-XVXM-2X7Q

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32
VLAI
Details

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-26T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",
  "id": "GHSA-m3hp-xvxm-2x7q",
  "modified": "2022-05-13T01:32:06Z",
  "published": "2022-05-13T01:32:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5466"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
    },
    {
      "type": "WEB",
      "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103182"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M3HQ-3QJ8-C5FM

Vulnerability from github – Published: 2026-02-02 06:30 – Updated: 2026-03-26 21:31
VLAI
Summary
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
Details

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "fog-kubevirt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-1530"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-02T21:02:03Z",
    "nvd_published_at": "2026-02-02T06:16:20Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.",
  "id": "GHSA-m3hq-3qj8-c5fm",
  "modified": "2026-03-26T21:31:19Z",
  "published": "2026-02-02T06:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1530"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fog/fog-kubevirt/pull/168"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:5970"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:5971"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-1530"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fog/fog-kubevirt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation"
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.