CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1905 vulnerabilities reference this CWE, most recent first.
GHSA-W5FP-2J8V-X63M
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1276"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T20:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests.\n These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device.\n For more information about these vulnerabilities, see the Details section of this advisory.\n ",
"id": "GHSA-w5fp-2j8v-x63m",
"modified": "2022-05-24T17:39:39Z",
"published": "2022-05-24T17:39:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1276"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W5J8-5P9W-GVX5
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-22 18:30The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.
First identified on Nissan Leaf ZE1 manufactured in 2020.
{
"affected": [],
"aliases": [
"CVE-2025-32057"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T16:16:06Z",
"severity": "MODERATE"
},
"details": "The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 \u2013 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020.",
"id": "GHSA-w5j8-5p9w-gvx5",
"modified": "2026-01-22T18:30:31Z",
"published": "2026-01-22T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32057"
},
{
"type": "WEB",
"url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
},
{
"type": "WEB",
"url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
},
{
"type": "WEB",
"url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W5Q8-36W3-W88M
Vulnerability from github – Published: 2023-05-12 15:30 – Updated: 2024-04-04 04:03An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
{
"affected": [],
"aliases": [
"CVE-2023-27823"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-12T14:15:09Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.",
"id": "GHSA-w5q8-36w3-w88m",
"modified": "2024-04-04T04:03:54Z",
"published": "2023-05-12T15:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27823"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/172276/Optoma-1080PSTX-Firmware-C02-Authentication-Bypass.html"
},
{
"type": "WEB",
"url": "http://optoma.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W6MM-86QP-2R3Q
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Certificate Validation user interface in LibreOffice allows potential vulnerability.
Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed.
Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.
This issue affects LibreOffice: from 24.2 before 24.2.5.
{
"affected": [],
"aliases": [
"CVE-2024-6472"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T13:15:47Z",
"severity": "HIGH"
},
"details": "Certificate Validation user interface in LibreOffice allows potential vulnerability.\n\n\n\n\nSigned macros are scripts that have been digitally signed by the \ndeveloper using a cryptographic signature. When a document with a signed\n macro is opened a warning is displayed by LibreOffice before the macro \nis executed.\n\nPreviously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.\n\n\nThis issue affects LibreOffice: from 24.2 before 24.2.5.",
"id": "GHSA-w6mm-86qp-2r3q",
"modified": "2024-08-05T15:30:51Z",
"published": "2024-08-05T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6472"
},
{
"type": "WEB",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-6472"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W6Q2-48CH-FJ26
Vulnerability from github – Published: 2023-04-10 15:30 – Updated: 2025-02-11 18:49Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "bigflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-25392"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-10T21:04:11Z",
"nvd_published_at": "2023-04-10T14:15:00Z",
"severity": "MODERATE"
},
"details": "Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation.",
"id": "GHSA-w6q2-48ch-fj26",
"modified": "2025-02-11T18:49:52Z",
"published": "2023-04-10T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25392"
},
{
"type": "WEB",
"url": "https://github.com/allegro/bigflow/pull/357"
},
{
"type": "WEB",
"url": "https://github.com/allegro/bigflow/commit/4ce197ff99bd38693dea59ab5e9b781fbcef4276"
},
{
"type": "WEB",
"url": "https://github.com/allegro/bigflow/commit/7e956661f76907594e8c82e8fb0af76dbea2a0fc"
},
{
"type": "PACKAGE",
"url": "https://github.com/allegro/bigflow"
},
{
"type": "WEB",
"url": "https://lutrasecurity.com/en/articles/cve-2023-25392"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation"
}
GHSA-W6XV-MF6F-R5F6
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2024-10-22 17:23The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "scalyr-agent-2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-24714"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-29T11:00:05Z",
"nvd_published_at": "2020-08-27T22:15:00Z",
"severity": "CRITICAL"
},
"details": "The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.",
"id": "GHSA-w6xv-mf6f-r5f6",
"modified": "2024-10-22T17:23:30Z",
"published": "2022-05-24T17:26:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24714"
},
{
"type": "WEB",
"url": "https://github.com/scalyr/scalyr-agent-2/commit/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/scalyr-agent-2/PYSEC-2020-251.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/scalyr/scalyr-agent-2"
},
{
"type": "WEB",
"url": "https://github.com/scalyr/scalyr-agent-2/blob/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://scalyr-static.s3.amazonaws.com/technical-details/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Scalyr Agent Missing SSL Certificate Validation"
}
GHSA-W7PJ-7H9P-G4JC
Vulnerability from github – Published: 2026-03-11 21:31 – Updated: 2026-03-11 21:31Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
{
"affected": [],
"aliases": [
"CVE-2026-24508"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-11T20:16:14Z",
"severity": "LOW"
},
"details": "Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.",
"id": "GHSA-w7pj-7h9p-g4jc",
"modified": "2026-03-11T21:31:03Z",
"published": "2026-03-11T21:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24508"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000427573/dsa-2026-093"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W7R3-MGWF-4MQQ
Vulnerability from github – Published: 2025-09-17 00:31 – Updated: 2025-11-05 20:44A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "KubernetesClient"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.0.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-9708"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-17T19:07:53Z",
"nvd_published_at": "2025-09-16T22:15:33Z",
"severity": "MODERATE"
},
"details": "A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.",
"id": "GHSA-w7r3-mgwf-4mqq",
"modified": "2025-11-05T20:44:42Z",
"published": "2025-09-17T00:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9708"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/134063"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubernetes-client/csharp"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/rLopt2Msvbw/m/rK6XeNw2CgAJ"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/09/16/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain"
}
GHSA-W86J-99WG-R29F
Vulnerability from github – Published: 2022-05-14 02:57 – Updated: 2024-01-09 21:28A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.3"
},
"package": {
"ecosystem": "Maven",
"name": "de.tracetronic.jenkins.plugins:ecutest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1999025"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-09T21:28:41Z",
"nvd_published_at": "2018-08-01T13:29:00Z",
"severity": "HIGH"
},
"details": "A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.",
"id": "GHSA-w86j-99wg-r29f",
"modified": "2024-01-09T21:28:41Z",
"published": "2022-05-14T02:57:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999025"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/ecutest-plugin/commit/d2b730c0e1c986d53d8d48c0cd5bb9a3b205a2bb"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/ecutest-plugin"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability"
}
GHSA-W89J-RFR2-3VWQ
Vulnerability from github – Published: 2024-08-21 15:30 – Updated: 2024-11-25 06:34A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.
{
"affected": [],
"aliases": [
"CVE-2024-8007"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-21T14:15:09Z",
"severity": "HIGH"
},
"details": "A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.",
"id": "GHSA-w89j-rfr2-3vwq",
"modified": "2024-11-25T06:34:57Z",
"published": "2024-08-21T15:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8007"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:9990"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:9991"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-8007"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305975"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.