Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-M447-7FH7-88XC

Vulnerability from github – Published: 2026-02-11 18:31 – Updated: 2026-02-12 15:32
VLAI
Details

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-70029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-11T18:16:06Z",
    "severity": "HIGH"
  },
  "details": "An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting \u0027rejectUnauthorized\u0027: false in HTTP request options",
  "id": "GHSA-m447-7fh7-88xc",
  "modified": "2026-02-12T15:32:43Z",
  "published": "2026-02-11T18:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70029"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/zcxlighthouse/e662c8316f98a1c72735cda4f6bfcfe6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sunbird-Ed"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sunbird-Ed/SunbirdEd-portal"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M462-MQW4-2C8M

Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2026-02-06 22:58
VLAI
Summary
Mattermost Server has X.509 Improper Certificate Validation
Details

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.7-rc1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.7.0"
            },
            {
              "fixed": "3.7.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.8.0"
            },
            {
              "fixed": "3.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-18911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-06T22:58:06Z",
    "nvd_published_at": "2020-06-19T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.",
  "id": "GHSA-m462-mqw4-2c8m",
  "modified": "2026-02-06T22:58:06Z",
  "published": "2022-05-24T17:21:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18911"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/222bce0c5c1abb2f58c3a6de1fe8c5d3accffb21"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/691c18157025d4808b5b11de1d6de01050e54fa6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/e9bb8cdfb4915067349a4840ab15ff941c4eb070"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mattermost/mattermost"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mattermost Server has X.509 Improper Certificate Validation"
}

GHSA-M4JM-XMCC-HJCM

Vulnerability from github – Published: 2023-05-10 06:30 – Updated: 2024-04-04 03:58
VLAI
Details

Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-10T06:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Improper following of a certificate\u0027s chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.",
  "id": "GHSA-m4jm-xmcc-hjcm",
  "modified": "2024-04-04T03:58:26Z",
  "published": "2023-05-10T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23901"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN40604023"
    },
    {
      "type": "WEB",
      "url": "https://www.seiko-sol.co.jp/archives/73969"
    },
    {
      "type": "WEB",
      "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100"
    },
    {
      "type": "WEB",
      "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130"
    },
    {
      "type": "WEB",
      "url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200"
    },
    {
      "type": "WEB",
      "url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M4RM-456C-72HQ

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2023-05-16 21:30
VLAI
Details

A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-28T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.",
  "id": "GHSA-m4rm-456c-72hq",
  "modified": "2023-05-16T21:30:17Z",
  "published": "2022-05-24T19:19:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22278"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001142\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000056\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M562-W2V4-CHP8

Vulnerability from github – Published: 2023-07-11 09:30 – Updated: 2024-09-30 12:30
VLAI
Details

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure.

Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-11T09:15:09Z",
    "severity": "HIGH"
  },
  "details": "DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an\u00a0Improper Authentication vulnerability during the firmware update procedure.\n\nSpecifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded.\nAn attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system.\nThis issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.\n\n",
  "id": "GHSA-m562-w2v4-chp8",
  "modified": "2024-09-30T12:30:31Z",
  "published": "2023-07-11T09:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31190"
    },
    {
      "type": "WEB",
      "url": "https://download.bluemark.io/dronescout/firmware/history.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31190"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M574-P9PR-7XFP

Vulnerability from github – Published: 2022-05-17 02:47 – Updated: 2022-05-17 02:47
VLAI
Details

Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-1221"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-21T20:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-m574-p9pr-7xfp",
  "modified": "2022-05-17T02:47:26Z",
  "published": "2022-05-17T02:47:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1221"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN43529183/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000067.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M575-4PR9-X5XR

Vulnerability from github – Published: 2026-02-23 18:32 – Updated: 2026-02-23 18:32
VLAI
Details

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-70044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-23T16:29:36Z",
    "severity": "MODERATE"
  },
  "details": "An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3.",
  "id": "GHSA-m575-4pr9-x5xr",
  "modified": "2026-02-23T18:32:02Z",
  "published": "2026-02-23T18:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70044"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/zcxlighthouse/c00a0eef8ac41ec15ec43b75e2a2f7f8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fofolee"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fofolee/uTools-quickcommand"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M578-PV52-H53W

Vulnerability from github – Published: 2024-08-06 21:30 – Updated: 2024-08-06 21:30
VLAI
Details

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-06T19:15:57Z",
    "severity": "CRITICAL"
  },
  "details": "There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.",
  "id": "GHSA-m578-pv52-h53w",
  "modified": "2024-08-06T21:30:47Z",
  "published": "2024-08-06T21:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42395"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M658-P24X-P74R

Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2024-05-20 21:04
VLAI
Summary
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-h289-x5wc-xcv8. This link is maintained to preserve external references.

Original Description

In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "mellium.im/xmpp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.18.0"
            },
            {
              "fixed": "0.21.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-14T22:38:04Z",
    "nvd_published_at": "2022-02-11T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-h289-x5wc-xcv8. This link is maintained to preserve external references.\n\n## Original Description\nIn Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.",
  "id": "GHSA-m658-p24x-p74r",
  "modified": "2024-05-20T21:04:24Z",
  "published": "2022-02-12T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24968"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mellium/xmpp/pull/260"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mellium/xmpp/commit/0d92aa486da69b71f2f4a30e62aa722c711b98ac"
    },
    {
      "type": "WEB",
      "url": "https://mellium.im/cve/cve-2022-24968"
    },
    {
      "type": "WEB",
      "url": "https://mellium.im/issue/259"
    },
    {
      "type": "WEB",
      "url": "https://mellium.im/xmpp"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0370"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp",
  "withdrawn": "2024-05-20T21:04:24Z"
}

GHSA-M6FW-CR7C-RH9V

Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2025-04-20 03:39
VLAI
Details

The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-16T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The \"Peoples Bank Tulsa\" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-m6fw-cr7c-rh9v",
  "modified": "2025-04-20T03:39:14Z",
  "published": "2022-05-17T02:39:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9600"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.