CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1906 vulnerabilities reference this CWE, most recent first.
GHSA-W2W6-XP88-5CVW
Vulnerability from github – Published: 2023-03-22 18:30 – Updated: 2025-05-05 18:32A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or by calling theX509_VERIFY_PARAM_set1_policies()' function.
{
"affected": [],
"aliases": [
"CVE-2023-0464"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-22T17:15:00Z",
"severity": "HIGH"
},
"details": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy\u0027 argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()\u0027 function.",
"id": "GHSA-w2w6-xp88-5cvw",
"modified": "2025-05-05T18:32:35Z",
"published": "2023-03-22T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0464"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230406-0006"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006"
},
{
"type": "WEB",
"url": "https://www.couchbase.com/alerts"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5417"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20230322.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W2XR-JMHW-CV64
Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
{
"affected": [],
"aliases": [
"CVE-2016-9319"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-31T00:59:00Z",
"severity": "MODERATE"
},
"details": "There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.",
"id": "GHSA-w2xr-jmhw-cv64",
"modified": "2022-05-17T02:51:54Z",
"published": "2022-05-17T02:51:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9319"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/1116973"
},
{
"type": "WEB",
"url": "http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97272"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W3J6-8J34-Q43X
Vulnerability from github – Published: 2022-05-17 05:39 – Updated: 2024-09-13 14:18libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. This is due to an upstream issue with python's SSL module rather than directly with libcloud.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-libcloud"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2010-4340"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-23T20:59:34Z",
"nvd_published_at": "2011-09-12T12:41:00Z",
"severity": "HIGH"
},
"details": "libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. This is due to an upstream issue with python\u0027s SSL module rather than directly with libcloud.",
"id": "GHSA-w3j6-8j34-q43x",
"modified": "2024-09-13T14:18:40Z",
"published": "2022-05-17T05:39:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4340"
},
{
"type": "WEB",
"url": "https://github.com/apache/libcloud/commit/87ee61e6ba03a43dcefea2ce180988bec066b6fd"
},
{
"type": "WEB",
"url": "https://bugs.python.org/issue1589"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/libcloud"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-libcloud/PYSEC-2011-24.yaml"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/LIBCLOUD-55"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463"
},
{
"type": "WEB",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201009.mbox/%3C5860913.463891285776633273.JavaMail.jira@thor%3E"
},
{
"type": "WEB",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-libcloud/201011.mbox/browser"
},
{
"type": "WEB",
"url": "http://wiki.apache.org/incubator/LibcloudSSL"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Libcloud does not verify SSL certificates for HTTPS connections"
}
GHSA-W3W5-RFWV-898Q
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.
{
"affected": [],
"aliases": [
"CVE-2025-32745"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-22T14:16:24Z",
"severity": "MODERATE"
},
"details": "Dell PowerFlex Manager, version(s) \u003c=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.",
"id": "GHSA-w3w5-rfwv-898q",
"modified": "2026-05-26T13:30:16Z",
"published": "2026-05-26T13:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32745"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W45J-F832-HXVH
Vulnerability from github – Published: 2022-05-25 19:26 – Updated: 2023-08-29 23:28Impact
A DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it.
This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to v2.1.5
Patches
Upgrade to Pion DTLS v2.1.5
Workarounds
No workarounds available, upgrade to Pion DTLS v2.1.5
References
Thank you to Juho Nurminen and the Mattermost team for discovering and reporting this.
For more information
If you have any questions or comments about this advisory: * Open an issue in Pion DTLS * Email us at team@pion.ly
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/pion/dtls"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/pion/dtls/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29222"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-25T19:26:09Z",
"nvd_published_at": "2022-05-21T00:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nA DTLS Client could provide a Certificate that it doesn\u0027t posses the private key for and Pion DTLS wouldn\u0027t reject it. \n\nThis issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can\u0027t be trusted when using a Pion DTLS server prior to v2.1.5\n\n### Patches\nUpgrade to Pion DTLS v2.1.5\n\n### Workarounds\nNo workarounds available, upgrade to Pion DTLS v2.1.5\n\n### References\nThank you to [Juho Nurminen](https://github.com/jupenur) and the Mattermost team for discovering and reporting this. \n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Pion DTLS](http://github.com/pion/dtls)\n* Email us at [team@pion.ly](mailto:team@pion.ly)",
"id": "GHSA-w45j-f832-hxvh",
"modified": "2023-08-29T23:28:42Z",
"published": "2022-05-25T19:26:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29222"
},
{
"type": "WEB",
"url": "https://github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412"
},
{
"type": "WEB",
"url": "https://github.com/pion/dtls/releases/tag/v2.1.5"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-0462"
},
{
"type": "PACKAGE",
"url": "github.com/pion/dtls"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Pion/DLTS Accepts Client Certificates Without CertificateVerify"
}
GHSA-W48X-694X-M8Q8
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2024-04-04 02:51The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
{
"affected": [],
"aliases": [
"CVE-2020-13616"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-26T23:15:00Z",
"severity": "MODERATE"
},
"details": "The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.",
"id": "GHSA-w48x-694x-m8q8",
"modified": "2024-04-04T02:51:13Z",
"published": "2022-05-24T17:18:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13616"
},
{
"type": "WEB",
"url": "https://github.com/pichi-router/pichi/commit/4698664233bc324f26658d2b041bfe6ea022c573"
},
{
"type": "WEB",
"url": "https://github.com/pichi-router/pichi/releases/tag/1.3.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W496-Q2JP-3QX5
Vulnerability from github – Published: 2022-09-15 00:00 – Updated: 2022-09-17 00:00An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one or multiple dnsNames. These are validated properly in the ACME challenge. However, if the validation passes, a non-compliant client can include additional dnsNames the CSR sent to the finalize endpoint, resulting in EJBCA issuing a certificate including the identifiers that were not validated. This occurs even if the certificate profile is configured to not allow a DN override by the CSR.
{
"affected": [],
"aliases": [
"CVE-2022-34831"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-14T03:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one or multiple dnsNames. These are validated properly in the ACME challenge. However, if the validation passes, a non-compliant client can include additional dnsNames the CSR sent to the finalize endpoint, resulting in EJBCA issuing a certificate including the identifiers that were not validated. This occurs even if the certificate profile is configured to not allow a DN override by the CSR.",
"id": "GHSA-w496-q2jp-3qx5",
"modified": "2022-09-17T00:00:31Z",
"published": "2022-09-15T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34831"
},
{
"type": "WEB",
"url": "https://support.keyfactor.com/s/detail/a6x1Q000000CwC5QAK"
},
{
"type": "WEB",
"url": "https://www.primekey.com/products/ejbca-enterprise"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W4G2-9HJ6-5472
Vulnerability from github – Published: 2018-10-18 18:06 – Updated: 2021-09-20 22:35Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.amqp:spring-amqp"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.amqp:spring-amqp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.rabbitmq:amqp-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.8.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.rabbitmq:amqp-client"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-11087"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:59:27Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.",
"id": "GHSA-w4g2-9hj6-5472",
"modified": "2021-09-20T22:35:57Z",
"published": "2018-10-18T18:06:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11087"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-w4g2-9hj6-5472"
},
{
"type": "WEB",
"url": "https://pivotal.io/security/cve-2018-11087"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp"
}
GHSA-W4VM-8M9W-5QWM
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-07-28 00:00An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.
{
"affected": [],
"aliases": [
"CVE-2020-16197"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.",
"id": "GHSA-w4vm-8m9w-5qwm",
"modified": "2022-07-28T00:00:47Z",
"published": "2022-05-24T17:26:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16197"
},
{
"type": "WEB",
"url": "https://github.com/OctopusDeploy/Issues/issues/6529"
},
{
"type": "WEB",
"url": "https://github.com/OctopusDeploy/Issues/issues/6530"
},
{
"type": "WEB",
"url": "https://github.com/OctopusDeploy/Issues/issues/6531"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W589-R335-4F55
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2024-10-26 22:49In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2015.8.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2016.3.0"
},
{
"fixed": "2016.11.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2016.11.7"
},
{
"fixed": "2016.11.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2017.5.0"
},
{
"fixed": "2017.7.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2018.2.0"
},
{
"last_affected": "2018.3.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2019.2.0"
},
{
"fixed": "2019.2.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "3000"
},
{
"fixed": "3000.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "3001"
},
{
"fixed": "3001.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "3002"
},
{
"fixed": "3002.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-28972"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-22T21:17:21Z",
"nvd_published_at": "2021-02-27T05:15:00Z",
"severity": "HIGH"
},
"details": "In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the `vmware.py` files) does not always validate the SSL/TLS certificate.",
"id": "GHSA-w589-r335-4f55",
"modified": "2024-10-26T22:49:11Z",
"published": "2022-05-24T17:43:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28972"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-5011"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-22"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202103-01"
},
{
"type": "WEB",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
},
{
"type": "WEB",
"url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L14"
},
{
"type": "WEB",
"url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L14"
},
{
"type": "WEB",
"url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L14"
},
{
"type": "WEB",
"url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2358"
},
{
"type": "PACKAGE",
"url": "https://github.com/saltstack/salt"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-74.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SaltStack Salt Improper Certificate Validation"
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.