CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-JWRM-86H9-FVJ6
Vulnerability from github – Published: 2023-02-16 18:30 – Updated: 2023-02-27 15:30Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.
{
"affected": [],
"aliases": [
"CVE-2022-48306"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T16:15:00Z",
"severity": "MODERATE"
},
"details": "Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.",
"id": "GHSA-jwrm-86h9-fvj6",
"modified": "2023-02-27T15:30:22Z",
"published": "2023-02-16T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48306"
},
{
"type": "WEB",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JWV2-8X85-V883
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2025-04-20 03:36Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.
{
"affected": [],
"aliases": [
"CVE-2016-1148"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-21T14:59:00Z",
"severity": "HIGH"
},
"details": "Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.",
"id": "GHSA-jwv2-8x85-v883",
"modified": "2025-04-20T03:36:28Z",
"published": "2022-05-13T01:25:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1148"
},
{
"type": "WEB",
"url": "https://akerun.com/2016-02-12-akerun-ios-app-security-update"
},
{
"type": "WEB",
"url": "http://jvn.jp/en/jp/JVN22578691/index.html"
},
{
"type": "WEB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000019.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JXG7-CGHF-MGGX
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2023-03-03 23:10VMware Lab Manager Slaves Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM.
As of publication of this advisory, there is no fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:labmanager"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10382"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-03T23:10:08Z",
"nvd_published_at": "2019-08-07T15:15:00Z",
"severity": "MODERATE"
},
"details": "VMware Lab Manager Slaves Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM.\n\nAs of publication of this advisory, there is no fix.",
"id": "GHSA-jxg7-cghf-mggx",
"modified": "2023-03-03T23:10:08Z",
"published": "2022-05-24T16:52:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10382"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1376"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/08/07/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation"
}
GHSA-JXQ2-J93Q-943X
Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-12-26 03:30An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
{
"affected": [],
"aliases": [
"CVE-2020-36425"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-19T17:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.",
"id": "GHSA-jxq2-j93q-943x",
"modified": "2022-12-26T03:30:21Z",
"published": "2022-05-24T19:08:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36425"
},
{
"type": "WEB",
"url": "https://github.com/ARMmbed/mbedtls/issues/3340"
},
{
"type": "WEB",
"url": "https://github.com/ARMmbed/mbedtls/pull/3433"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/740108"
},
{
"type": "WEB",
"url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8"
},
{
"type": "WEB",
"url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0"
},
{
"type": "WEB",
"url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M23G-3PFX-M455
Vulnerability from github – Published: 2024-05-16 12:30 – Updated: 2024-05-16 12:30In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
{
"affected": [],
"aliases": [
"CVE-2024-35299"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-16T11:15:47Z",
"severity": "MODERATE"
},
"details": "In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation",
"id": "GHSA-m23g-3pfx-m455",
"modified": "2024-05-16T12:30:21Z",
"published": "2024-05-16T12:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35299"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M272-RH3V-6HFM
Vulnerability from github – Published: 2026-04-28 09:34 – Updated: 2026-04-29 21:31Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the attacker to achieve user-level remote code execution on the affected client.
{
"affected": [],
"aliases": [
"CVE-2025-10539"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-28T09:16:16Z",
"severity": "MODERATE"
},
"details": "Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the attacker to achieve user-level remote code execution on the affected client.",
"id": "GHSA-m272-rh3v-6hfm",
"modified": "2026-04-29T21:31:24Z",
"published": "2026-04-28T09:34:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10539"
},
{
"type": "WEB",
"url": "https://desktime.com/download"
},
{
"type": "WEB",
"url": "https://r.sec-consult.com/desktime"
},
{
"type": "WEB",
"url": "https://sec-consult.com/vulnerability-lab/advisory/missing-tls-certificate-validation-leading-to-rce-in-desktime-time-tracking-app"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2026/Apr/20"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2026/Apr/21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M277-PP25-MFHQ
Vulnerability from github – Published: 2022-05-14 03:00 – Updated: 2022-05-14 03:00The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate.
{
"affected": [],
"aliases": [
"CVE-2018-12499"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-02T16:29:00Z",
"severity": "HIGH"
},
"details": "The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate.",
"id": "GHSA-m277-pp25-mfhq",
"modified": "2022-05-14T03:00:30Z",
"published": "2022-05-14T03:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12499"
},
{
"type": "WEB",
"url": "https://blog.sean-wright.com/cve-2018-12499"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M35W-J7WJ-374V
Vulnerability from github – Published: 2023-06-13 12:30 – Updated: 2024-04-04 04:46Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.
{
"affected": [],
"aliases": [
"CVE-2023-29501"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-13T10:15:10Z",
"severity": "MODERATE"
},
"details": "Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.",
"id": "GHSA-m35w-j7wj-374v",
"modified": "2024-04-04T04:46:14Z",
"published": "2023-06-13T12:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29501"
},
{
"type": "WEB",
"url": "https://apps.apple.com/jp/app/%E8%87%AA%E9%81%8A%E7%A9%BA%E9%96%93%E3%81%A8%E3%81%8F%E3%81%A8%E3%81%8F%E3%82%AF%E3%83%BC%E3%83%9D%E3%83%B3/id608149604"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN33836375"
},
{
"type": "WEB",
"url": "https://play.google.com/store/apps/details?id=jp.runsystem"
},
{
"type": "WEB",
"url": "https://www.runsystem.co.jp/g1-pr/17570"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M3HP-XVXM-2X7Q
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
{
"affected": [],
"aliases": [
"CVE-2018-5466"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-26T14:29:00Z",
"severity": "HIGH"
},
"details": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",
"id": "GHSA-m3hp-xvxm-2x7q",
"modified": "2022-05-13T01:32:06Z",
"published": "2022-05-13T01:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5466"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"type": "WEB",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103182"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M3HQ-3QJ8-C5FM
Vulnerability from github – Published: 2026-02-02 06:30 – Updated: 2026-03-26 21:31A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "fog-kubevirt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1530"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-02T21:02:03Z",
"nvd_published_at": "2026-02-02T06:16:20Z",
"severity": "HIGH"
},
"details": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.",
"id": "GHSA-m3hq-3qj8-c5fm",
"modified": "2026-03-26T21:31:19Z",
"published": "2026-02-02T06:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1530"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/pull/168"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5970"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5971"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-1530"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784"
},
{
"type": "PACKAGE",
"url": "https://github.com/fog/fog-kubevirt"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation"
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.