Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1905 vulnerabilities reference this CWE, most recent first.

GHSA-W5FP-2J8V-X63M

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39
VLAI
Details

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-20T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests.\n These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device.\n For more information about these vulnerabilities, see the Details section of this advisory.\n ",
  "id": "GHSA-w5fp-2j8v-x63m",
  "modified": "2022-05-24T17:39:39Z",
  "published": "2022-05-24T17:39:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1276"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-W5J8-5P9W-GVX5

Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-22 18:30
VLAI
Details

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.

First identified on Nissan Leaf ZE1 manufactured in 2020.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-22T16:16:06Z",
    "severity": "MODERATE"
  },
  "details": "The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 \u2013 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020.",
  "id": "GHSA-w5j8-5p9w-gvx5",
  "modified": "2026-01-22T18:30:31Z",
  "published": "2026-01-22T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32057"
    },
    {
      "type": "WEB",
      "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
    },
    {
      "type": "WEB",
      "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
    },
    {
      "type": "WEB",
      "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W5Q8-36W3-W88M

Vulnerability from github – Published: 2023-05-12 15:30 – Updated: 2024-04-04 04:03
VLAI
Details

An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-12T14:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.",
  "id": "GHSA-w5q8-36w3-w88m",
  "modified": "2024-04-04T04:03:54Z",
  "published": "2023-05-12T15:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27823"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/172276/Optoma-1080PSTX-Firmware-C02-Authentication-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://optoma.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W6MM-86QP-2R3Q

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30
VLAI
Details

Certificate Validation user interface in LibreOffice allows potential vulnerability.

Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed.

Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.

This issue affects LibreOffice: from 24.2 before 24.2.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6472"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T13:15:47Z",
    "severity": "HIGH"
  },
  "details": "Certificate Validation user interface in LibreOffice allows potential vulnerability.\n\n\n\n\nSigned macros are scripts that have been digitally signed by the \ndeveloper using a cryptographic signature. When a document with a signed\n macro is opened a warning is displayed by LibreOffice before the macro \nis executed.\n\nPreviously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.\n\n\nThis issue affects LibreOffice: from 24.2 before 24.2.5.",
  "id": "GHSA-w6mm-86qp-2r3q",
  "modified": "2024-08-05T15:30:51Z",
  "published": "2024-08-05T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6472"
    },
    {
      "type": "WEB",
      "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-6472"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W6Q2-48CH-FJ26

Vulnerability from github – Published: 2023-04-10 15:30 – Updated: 2025-02-11 18:49
VLAI
Summary
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Details

Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "bigflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-25392"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-10T21:04:11Z",
    "nvd_published_at": "2023-04-10T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation.",
  "id": "GHSA-w6q2-48ch-fj26",
  "modified": "2025-02-11T18:49:52Z",
  "published": "2023-04-10T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25392"
    },
    {
      "type": "WEB",
      "url": "https://github.com/allegro/bigflow/pull/357"
    },
    {
      "type": "WEB",
      "url": "https://github.com/allegro/bigflow/commit/4ce197ff99bd38693dea59ab5e9b781fbcef4276"
    },
    {
      "type": "WEB",
      "url": "https://github.com/allegro/bigflow/commit/7e956661f76907594e8c82e8fb0af76dbea2a0fc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/allegro/bigflow"
    },
    {
      "type": "WEB",
      "url": "https://lutrasecurity.com/en/articles/cve-2023-25392"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation"
}

GHSA-W6XV-MF6F-R5F6

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2024-10-22 17:23
VLAI
Summary
Scalyr Agent Missing SSL Certificate Validation
Details

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "scalyr-agent-2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-24714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-29T11:00:05Z",
    "nvd_published_at": "2020-08-27T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.",
  "id": "GHSA-w6xv-mf6f-r5f6",
  "modified": "2024-10-22T17:23:30Z",
  "published": "2022-05-24T17:26:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24714"
    },
    {
      "type": "WEB",
      "url": "https://github.com/scalyr/scalyr-agent-2/commit/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/scalyr-agent-2/PYSEC-2020-251.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/scalyr/scalyr-agent-2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/scalyr/scalyr-agent-2/blob/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867/CHANGELOG.md"
    },
    {
      "type": "WEB",
      "url": "https://scalyr-static.s3.amazonaws.com/technical-details/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Scalyr Agent Missing SSL Certificate Validation"
}

GHSA-W7PJ-7H9P-G4JC

Vulnerability from github – Published: 2026-03-11 21:31 – Updated: 2026-03-11 21:31
VLAI
Details

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24508"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-11T20:16:14Z",
    "severity": "LOW"
  },
  "details": "Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.",
  "id": "GHSA-w7pj-7h9p-g4jc",
  "modified": "2026-03-11T21:31:03Z",
  "published": "2026-03-11T21:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24508"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000427573/dsa-2026-093"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7R3-MGWF-4MQQ

Vulnerability from github – Published: 2025-09-17 00:31 – Updated: 2025-11-05 20:44
VLAI
Summary
Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain
Details

A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "KubernetesClient"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17.0.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-9708"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-17T19:07:53Z",
    "nvd_published_at": "2025-09-16T22:15:33Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.",
  "id": "GHSA-w7r3-mgwf-4mqq",
  "modified": "2025-11-05T20:44:42Z",
  "published": "2025-09-17T00:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9708"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/134063"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes-client/csharp"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/rLopt2Msvbw/m/rK6XeNw2CgAJ"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/09/16/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain"
}

GHSA-W86J-99WG-R29F

Vulnerability from github – Published: 2022-05-14 02:57 – Updated: 2024-01-09 21:28
VLAI
Summary
Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
Details

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.3"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "de.tracetronic.jenkins.plugins:ecutest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1999025"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-09T21:28:41Z",
    "nvd_published_at": "2018-08-01T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.",
  "id": "GHSA-w86j-99wg-r29f",
  "modified": "2024-01-09T21:28:41Z",
  "published": "2022-05-14T02:57:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1999025"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/ecutest-plugin/commit/d2b730c0e1c986d53d8d48c0cd5bb9a3b205a2bb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/ecutest-plugin"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability"
}

GHSA-W89J-RFR2-3VWQ

Vulnerability from github – Published: 2024-08-21 15:30 – Updated: 2024-11-25 06:34
VLAI
Details

A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T14:15:09Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.",
  "id": "GHSA-w89j-rfr2-3vwq",
  "modified": "2024-11-25T06:34:57Z",
  "published": "2024-08-21T15:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8007"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9990"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9991"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8007"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305975"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.