Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-PFXG-W7QF-6X65

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-68482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:17:59Z",
    "severity": "MODERATE"
  },
  "details": "A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.",
  "id": "GHSA-pfxg-w7qf-6x65",
  "modified": "2026-03-10T18:31:18Z",
  "published": "2026-03-10T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68482"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-078"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PG6P-7JWX-86VP

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00
VLAI
Details

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5538"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-28T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.",
  "id": "GHSA-pg6p-7jwx-86vp",
  "modified": "2022-05-24T17:00:00Z",
  "published": "2022-05-24T17:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5538"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PG7H-V386-FW8H

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22
VLAI
Details

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-14T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.",
  "id": "GHSA-pg7h-v386-fw8h",
  "modified": "2022-05-24T17:22:52Z",
  "published": "2022-05-24T17:22:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:3674"
    },
    {
      "type": "WEB",
      "url": "https://bugs.openldap.org/show_bug.cgi?id=9266"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1740070"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGH9-MPWC-8JJF

Vulnerability from github – Published: 2026-05-06 20:16 – Updated: 2026-07-08 17:36
VLAI
Summary
Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
Details

Impact

A vulnerability has been identified in the SUSE Virtualization (Harvester) Rancher integration mechanism where by default the registration client uses an insecure TLS option that fails to verify the remote server’s certificate. This security gap could allow the execution of a man-in-the-middle (MitM) attack against SUSE Virtualization.

An attacker with network-level access between the SUSE Virtualization and Rancher Manager could interfere with the TLS handshake and abuse it to bypass TLS as a security control. The registration client could be misled to send cluster registration requests to an impersonated remote service. Additionally, because the system processes response payloads without performing size validation, an attacker could induce a memory buffer overflow, leading to a potential crash of the SUSE Virtualization registration controller.

Note that this vulnerability only affects the cluster registration configuration (the cluster-registration-url setting) which is distinct from the secured configuration used to maintain operational connectivity between SUSE Virtualization and Rancher Manager, as well as between the manager and hosted downstream clusters.

Please consult the associated MITRE ATT&CK - Technique - Adversary-in-the-Middle and MITRE ATT&CK - Technique - Endpoint Denial of Service: Application or System Exploitation for further information about this category of attack.

Patches

This vulnerability is addressed by updating the registration client’s default behaviour to validate the certificate presented by the remote server against the list of trusted system root certificate authority (CA) and those defined by the additional-ca setting.

Patched versions of SUSE Virtualization include releases v1.8.0 or newer.

Workarounds

If developers can't upgrade to a fixed version, ensure that only authorized cluster administrators can access and modify the cluster-registration-url setting.

Resources

If there are any questions or comments about this advisory: * Reach out to the SUSE Rancher Security team for security related inquiries. * Open an issue in the Rancher repository. * Verify with SUSE support matrix and product support lifecycle.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/harvester/harvester"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-71261"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T20:16:08Z",
    "nvd_published_at": "2026-06-16T17:16:30Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA vulnerability has been identified in the [SUSE Virtualization (Harvester) Rancher integration mechanism](https://docs.harvesterhci.io/v1.7/rancher/rancher-integration) where by default the registration client uses an insecure TLS option that fails to verify  the remote server\u2019s certificate. This security gap could allow the execution of a man-in-the-middle (MitM) attack against SUSE Virtualization.\n\nAn attacker with network-level access between the SUSE Virtualization and Rancher Manager could interfere with the TLS handshake and abuse it to bypass TLS as a security control. The registration client could be misled to send cluster registration requests to an impersonated remote service. Additionally, because the system processes response payloads without performing size validation, an attacker could induce a memory buffer overflow, leading to a potential crash of the SUSE Virtualization registration controller.\n\nNote that this vulnerability only affects the cluster registration configuration (the `cluster-registration-url` setting) which is distinct from the secured configuration used to maintain operational connectivity between SUSE Virtualization and Rancher Manager, as well as between the manager and hosted downstream clusters.\n\nPlease consult the associated[ MITRE ATT\u0026CK - Technique - Adversary-in-the-Middle](https://attack.mitre.org/techniques/T1557/) and [MITRE ATT\u0026CK - Technique - Endpoint Denial of Service: Application or System Exploitation](https://attack.mitre.org/techniques/T1499/004/) for further information about this category of attack.\n\n### Patches\n\nThis vulnerability is addressed by updating the registration client\u2019s default behaviour to validate the certificate presented by the remote server against the list of trusted system root certificate authority (CA) and those defined by the `additional-ca` setting.\n\nPatched versions of SUSE Virtualization include releases v1.8.0 or newer.\n\n### Workarounds\n\nIf developers can\u0027t upgrade to a fixed version, ensure that only authorized cluster administrators can access and modify the `cluster-registration-url` setting.\n\n### Resources\n\nIf there are any questions or comments about this advisory:\n* Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n* Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n* Verify with SUSE [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
  "id": "GHSA-pgh9-mpwc-8jjf",
  "modified": "2026-07-08T17:36:53Z",
  "published": "2026-05-06T20:16:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/harvester/harvester/security/advisories/GHSA-pgh9-mpwc-8jjf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71261"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/harvester/harvester"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Harvester\u0027s SUSE Virtualization Registration Client Vulnerable to MITM and DOS"
}

GHSA-PGQ4-VQ29-6V5R

Vulnerability from github – Published: 2023-05-26 21:30 – Updated: 2025-01-15 18:30
VLAI
Details

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-26T21:15:16Z",
    "severity": "MODERATE"
  },
  "details": "An improper certificate validation vulnerability exists in curl \u003cv8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.",
  "id": "GHSA-pgq4-vq29-6v5r",
  "modified": "2025-01-15T18:30:35Z",
  "published": "2023-05-26T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1950627"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-12"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230609-0009"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213843"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213844"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213845"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jul/47"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jul/48"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jul/52"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGQV-97HH-8VV7

Vulnerability from github – Published: 2024-10-31 09:30 – Updated: 2024-10-31 09:30
VLAI
Details

HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-31T09:15:02Z",
    "severity": "MODERATE"
  },
  "details": "HCL AppScan Source \u003c= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.",
  "id": "GHSA-pgqv-97hh-8vv7",
  "modified": "2024-10-31T09:30:42Z",
  "published": "2024-10-31T09:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30149"
    },
    {
      "type": "WEB",
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0116990"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PGW7-WX7W-2W33

Vulnerability from github – Published: 2022-06-17 01:02 – Updated: 2022-07-29 18:13
VLAI
Summary
ProxyAgent vulnerable to MITM
Details

Description

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.

Impact

This affects all use of HTTPS via HTTP proxy using Undici.ProxyAgent with Undici or Node's global fetch. In this case, it removes all HTTPS security from all requests sent using Undici's ProxyAgent, allowing trivial MitM attacks by anybody on the network path between the client and the target server (local network users, your ISP, the proxy, the target server's ISP, etc). This less seriously affects HTTPS via HTTPS proxies. When you send HTTPS via a proxy to a remote server, the proxy can freely view or modify all HTTPS traffic unexpectedly (but only the proxy).

Patches

This issue was patched in Undici v5.5.1.

Workarounds

At the time of writing, the only workaround is to not use ProxyAgent as a dispatcher for TLS Connections.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.5.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "undici"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.8.2"
            },
            {
              "fixed": "5.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-32210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-17T01:02:29Z",
    "nvd_published_at": "2022-07-14T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Description\n\n`Undici.ProxyAgent` never verifies the remote server\u0027s certificate, and always exposes all request \u0026 response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy\u0027s URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.\n\n### Impact\n\nThis affects all use of HTTPS via HTTP proxy using **`Undici.ProxyAgent`**  with Undici or Node\u0027s global `fetch`. In this case, it removes all HTTPS security from all requests sent using Undici\u0027s `ProxyAgent`, allowing trivial MitM attacks by anybody on the network path between the client and the target server (local network users, your ISP, the proxy, the target server\u0027s ISP, etc).\nThis less seriously affects HTTPS via HTTPS proxies. When you send HTTPS via a proxy to a remote server, the proxy can freely view or modify all HTTPS traffic unexpectedly (but only the proxy). \n\n### Patches\n\nThis issue was patched in Undici v5.5.1.\n\n### Workarounds\n\nAt the time of writing, the only workaround is to not use `ProxyAgent` as a dispatcher for TLS Connections.",
  "id": "GHSA-pgw7-wx7w-2w33",
  "modified": "2022-07-29T18:13:25Z",
  "published": "2022-06-17T01:02:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nodejs/undici/security/advisories/GHSA-pgw7-wx7w-2w33"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32210"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1583680"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nodejs/undici"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ProxyAgent vulnerable to MITM"
}

GHSA-PH5J-38MG-J6HP

Vulnerability from github – Published: 2026-03-07 00:30 – Updated: 2026-03-10 18:31
VLAI
Details

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-06T22:16:00Z",
    "severity": "MODERATE"
  },
  "details": "Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.",
  "id": "GHSA-ph5j-38mg-j6hp",
  "modified": "2026-03-10T18:31:14Z",
  "published": "2026-03-07T00:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/752183"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/77953"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2026-4600"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PHVV-C9GW-V54H

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-27T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.",
  "id": "GHSA-phvv-c9gw-v54h",
  "modified": "2022-05-13T01:47:28Z",
  "published": "2022-05-13T01:47:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8301"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libressl-portable/portable/issues/307"
    },
    {
      "type": "WEB",
      "url": "https://trac.nginx.org/nginx/ticket/1257"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2017/q2/145"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98076"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJFQ-H6GX-WRCF

Vulnerability from github – Published: 2023-08-23 18:30 – Updated: 2025-02-13 18:31
VLAI
Details

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate.

This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-23T16:15:08Z",
    "severity": "HIGH"
  },
  "details": "If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate.\n\nThis issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions.",
  "id": "GHSA-pjfq-h6gx-wrcf",
  "modified": "2025-02-13T18:31:49Z",
  "published": "2023-08-23T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1409"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-73662"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-77028"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230921-0007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.