CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
CVE-2020-15133 (GCVE-0-2020-15133)
Vulnerability from cvelistv5 – Published: 2020-07-31 17:40 – Updated: 2024-08-04 13:08- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://blog.jcoglan.com/2020/07/31/missing-tls-v… | x_refsource_MISC |
| https://github.com/faye/faye-websocket-ruby/secur… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| faye | faye-websocket |
Affected:
< 0.11.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "faye-websocket",
"vendor": "faye",
"versions": [
{
"status": "affected",
"version": "\u003c 0.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `wss:` connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading `faye-websocket` to v0.11.0 is recommended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-31T17:40:21.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv"
}
],
"source": {
"advisory": "GHSA-2v5c-755p-p4gv",
"discovery": "UNKNOWN"
},
"title": "Missing TLS certificate verification in Faye Websocket",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15133",
"STATE": "PUBLIC",
"TITLE": "Missing TLS certificate verification in Faye Websocket"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "faye-websocket",
"version": {
"version_data": [
{
"version_value": "\u003c 0.11.0"
}
]
}
}
]
},
"vendor_name": "faye"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `wss:` connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading `faye-websocket` to v0.11.0 is recommended."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/",
"refsource": "MISC",
"url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/"
},
{
"name": "https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv",
"refsource": "CONFIRM",
"url": "https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv"
}
]
},
"source": {
"advisory": "GHSA-2v5c-755p-p4gv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15133",
"datePublished": "2020-07-31T17:40:21.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12144 (GCVE-0-2020-12144)
Vulnerability from cvelistv5 – Published: 2020-05-05 19:54 – Updated: 2024-08-04 11:48- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://www.silver-peak.com/sites/default/files/a… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Silver Peak Systems, Inc. | 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator 3. EdgeConnect in AWS, Azure, GCP |
Affected:
All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator\u202f 3. EdgeConnect in AWS, Azure, GCP",
"vendor": "Silver Peak Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
}
],
"descriptions": [
{
"lang": "en",
"value": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T16:59:01.000Z",
"orgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
"shortName": "Silver Peak"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Resolution \n\u2022\tChanges have been made to strengthen the initial exchange between the EdgeConnect appliance and the Cloud Portal. After the changes, EdgeConnect will validate the certificate used to identify the Silver Peak Cloud Portal to EdgeConnect. \n\n\u2022\tTLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms. \n\nAny required configuration\n\u2022\tDo not change Cloud Portal\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Portal Certificate\u201d option under Advanced Security Settings."
},
{
"lang": "en",
"value": "The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf"
}
],
"source": {
"advisory": "2020 -04-24-001- 003",
"discovery": "EXTERNAL"
},
"title": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@silver-peak.com",
"ID": "CVE-2020-12144",
"STATE": "PUBLIC",
"TITLE": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator\u202f 3. EdgeConnect in AWS, Azure, GCP",
"version": {
"version_data": [
{
"version_name": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+",
"version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
}
]
}
}
]
},
"vendor_name": "Silver Peak Systems, Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf",
"refsource": "CONFIRM",
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal-cve_2020_12144.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Resolution \n\u2022\tChanges have been made to strengthen the initial exchange between the EdgeConnect appliance and the Cloud Portal. After the changes, EdgeConnect will validate the certificate used to identify the Silver Peak Cloud Portal to EdgeConnect. \n\n\u2022\tTLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms. \n\nAny required configuration\n\u2022\tDo not change Cloud Portal\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Portal Certificate\u201d option under Advanced Security Settings."
},
{
"lang": "en",
"value": "The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_portal_cve_2020_12144.pdf"
}
],
"source": {
"advisory": "2020 -04-24-001- 003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
"assignerShortName": "Silver Peak",
"cveId": "CVE-2020-12144",
"datePublished": "2020-05-05T19:54:00.000Z",
"dateReserved": "2020-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:48:58.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12143 (GCVE-0-2020-12143)
Vulnerability from cvelistv5 – Published: 2020-05-05 19:53 – Updated: 2024-08-04 11:48- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://www.silver-peak.com/sites/default/files/a… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Silver Peak Systems, Inc. | 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, 3. EdgeConnect in AWS, Azure, GCP |
Affected:
All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP",
"vendor": "Silver Peak Systems, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12143."
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
}
],
"descriptions": [
{
"lang": "en",
"value": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T16:58:22.000Z",
"orgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
"shortName": "Silver Peak"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf"
}
],
"source": {
"advisory": "2020 -04-24-001- 002",
"discovery": "EXTERNAL"
},
"title": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@silver-peak.com",
"ID": "CVE-2020-12143",
"STATE": "PUBLIC",
"TITLE": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP",
"version": {
"version_data": [
{
"version_name": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+",
"version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
}
]
}
}
]
},
"vendor_name": "Silver Peak Systems, Inc."
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.cvedetails.com/cve/CVE-2020-12143."
}
],
"credit": [
{
"lang": "eng",
"value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf",
"refsource": "CONFIRM",
"url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator-cve_2020_12143.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Any required configuration\n\u2022\tDo not change Orchestrator\u2019s IP address as discovered by the EdgeConnect appliance. \n\u2022\tUpgrade to Silver Peak Unity ECOS\u2122 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+. \n\u2022\tIn Orchestrator, enable the \u201cVerify Orchestrator Certificate\u201d option under Advanced Security Settings. \n\nSolution link - References \n The full details of the CVE can be found at https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_rogue_orchestrator_cve_2020_12143.pdf"
}
],
"source": {
"advisory": "2020 -04-24-001- 002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
"assignerShortName": "Silver Peak",
"cveId": "CVE-2020-12143",
"datePublished": "2020-05-05T19:53:56.000Z",
"dateReserved": "2020-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:48:58.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10925 (GCVE-0-2020-10925)
Vulnerability from cvelistv5 – Published: 2020-07-28 17:10 – Updated: 2024-08-04 11:14- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "R6700",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "V1.0.4.84_10.0.58"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Ribeiro and Radek Domanski of Team Flashback"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-28T17:10:36.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-10925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R6700",
"version": {
"version_data": [
{
"version_value": "V1.0.4.84_10.0.58"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "Pedro Ribeiro and Radek Domanski of Team Flashback",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-705/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-10925",
"datePublished": "2020-07-28T17:10:36.000Z",
"dateReserved": "2020-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:15.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10059 (GCVE-0-2020-10059)
Vulnerability from cvelistv5 – Published: 2020-05-11 22:26 – Updated: 2024-09-17 02:07- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36 | x_refsource_MISC |
| https://github.com/zephyrproject-rtos/zephyr/pull/24954 | x_refsource_MISC |
| https://github.com/zephyrproject-rtos/zephyr/pull/24999 | x_refsource_MISC |
| https://github.com/zephyrproject-rtos/zephyr/pull/24997 | x_refsource_MISC |
| https://docs.zephyrproject.org/latest/security/vu… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject-rtos | zephyr |
Affected:
2.1.0 , < unspecified
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NCC Group for report"
}
],
"datePublic": "2020-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T17:37:37.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
],
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
],
"discovery": "EXTERNAL"
},
"title": "UpdateHub Module Explicitly Disables TLS Verification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
"ID": "CVE-2020-10059",
"STATE": "PUBLIC",
"TITLE": "UpdateHub Module Explicitly Disables TLS Verification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NCC Group for report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36",
"refsource": "MISC",
"url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24954",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24999",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"
},
{
"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24997",
"refsource": "MISC",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"
},
{
"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059",
"refsource": "MISC",
"url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"
}
]
},
"source": {
"defect": [
"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2020-10059",
"datePublished": "2020-05-11T22:26:16.442Z",
"dateReserved": "2020-03-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:07:14.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8289 (GCVE-0-2020-8289)
Vulnerability from cvelistv5 – Published: 2020-12-27 01:20 – Updated: 2024-08-04 09:56- CWE-295 - Improper Certificate Validation (CWE-295)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/818853 | x_refsource_MISC |
| https://youtu.be/W0THXbcX5V8 | x_refsource_MISC |
| https://github.com/geffner/CVE-2020-8289/blob/mas… | x_refsource_MISC |
| https://www.backblaze.com/blog/backblaze-cloud-ba… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2020/Dec/57 | mailing-listx_refsource_FULLDISC |
| http://seclists.org/fulldisclosure/2020/Dec/58 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/818853"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtu.be/W0THXbcX5V8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/geffner/CVE-2020-8289/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.backblaze.com/blog/backblaze-cloud-backup-release-7-0-1/"
},
{
"name": "20201229 Re: [FD] CVE-2020-8150 - Remote Code Execution as SYSTEM/root via Backblaze",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/57"
},
{
"name": "20201229 Re: CVE-2020-8150 - Remote Code Execution as SYSTEM/root via Backblaze",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/58"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Backblaze",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation (CWE-295)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T10:06:13.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/818853"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/W0THXbcX5V8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/geffner/CVE-2020-8289/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.backblaze.com/blog/backblaze-cloud-backup-release-7-0-1/"
},
{
"name": "20201229 Re: [FD] CVE-2020-8150 - Remote Code Execution as SYSTEM/root via Backblaze",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/57"
},
{
"name": "20201229 Re: CVE-2020-8150 - Remote Code Execution as SYSTEM/root via Backblaze",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Dec/58"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Backblaze",
"version": {
"version_data": [
{
"version_value": "Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation (CWE-295)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/818853",
"refsource": "MISC",
"url": "https://hackerone.com/reports/818853"
},
{
"name": "https://youtu.be/W0THXbcX5V8",
"refsource": "MISC",
"url": "https://youtu.be/W0THXbcX5V8"
},
{
"name": "https://github.com/geffner/CVE-2020-8289/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/geffner/CVE-2020-8289/blob/master/README.md"
},
{
"name": "https://www.backblaze.com/blog/backblaze-cloud-backup-release-7-0-1/",
"refsource": "MISC",
"url": "https://www.backblaze.com/blog/backblaze-cloud-backup-release-7-0-1/"
},
{
"name": "20201229 Re: [FD] CVE-2020-8150 - Remote Code Execution as SYSTEM/root via Backblaze",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Dec/57"
},
{
"name": "20201229 Re: CVE-2020-8150 - Remote Code Execution as SYSTEM/root via Backblaze",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Dec/58"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8289",
"datePublished": "2020-12-27T01:20:50.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:28.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8286 (GCVE-0-2020-8286)
Vulnerability from cvelistv5 – Published: 2020-12-14 19:39 – Updated: 2024-11-15 15:30- CWE-295 - Improper Certificate Validation (CWE-295)
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
7.41.0 to and including 7.73.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1048457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2020-8286.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
},
{
"name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/50"
},
{
"name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/54"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-8286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:29:39.778689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:30:03.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.41.0 to and including 7.73.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation (CWE-295)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:30.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1048457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.se/docs/CVE-2020-8286.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
},
{
"name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/50"
},
{
"name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/54"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212325"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/curl/curl",
"version": {
"version_data": [
{
"version_value": "7.41.0 to and including 7.73.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation (CWE-295)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1048457",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1048457"
},
{
"name": "https://curl.se/docs/CVE-2020-8286.html",
"refsource": "MISC",
"url": "https://curl.se/docs/CVE-2020-8286.html"
},
{
"name": "FEDORA-2020-ceaf490686",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"
},
{
"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"name": "FEDORA-2020-7ab62c73bc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"
},
{
"name": "GLSA-202012-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"name": "DSA-4881",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/51"
},
{
"name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/50"
},
{
"name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/54"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"name": "https://support.apple.com/kb/HT212325",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212325"
},
{
"name": "https://support.apple.com/kb/HT212326",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212326"
},
{
"name": "https://support.apple.com/kb/HT212327",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212327"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8286",
"datePublished": "2020-12-14T19:39:28.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-11-15T15:30:03.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8279 (GCVE-0-2020-8279)
Vulnerability from cvelistv5 – Published: 2020-11-19 00:32 – Updated: 2024-08-04 09:56- CWE-295 - Improper Certificate Validation (CWE-295)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/915585 | x_refsource_MISC |
| https://nextcloud.com/security/advisory/?id=NC-SA… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Nextcloud Social |
Affected:
Affects <0.4.0
Affected: Fixed in 0.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/915585"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Social",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects \u003c0.4.0"
},
{
"status": "affected",
"version": "Fixed in 0.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing validation of server certificates for out-going connections in Nextcloud Social \u003c 0.4.0 allowed a man-in-the-middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation (CWE-295)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T00:32:22.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/915585"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Social",
"version": {
"version_data": [
{
"version_value": "Affects \u003c0.4.0"
},
{
"version_value": "Fixed in 0.4.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing validation of server certificates for out-going connections in Nextcloud Social \u003c 0.4.0 allowed a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation (CWE-295)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/915585",
"refsource": "MISC",
"url": "https://hackerone.com/reports/915585"
},
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-043",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8279",
"datePublished": "2020-11-19T00:32:22.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:28.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8156 (GCVE-0-2020-8156)
Vulnerability from cvelistv5 – Published: 2020-05-12 13:01 – Updated: 2024-08-04 09:48- CWE-295 - Improper Certificate Validation (CWE-295)
| URL | Tags |
|---|---|
| https://nextcloud.com/security/advisory/?id=NC-SA… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Nextcloud Mail |
Affected:
1.1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-020"
},
{
"name": "FEDORA-2020-c9863904de",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Mail",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation (CWE-295)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-19T18:06:21.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-020"
},
{
"name": "FEDORA-2020-c9863904de",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Mail",
"version": {
"version_data": [
{
"version_value": "1.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation (CWE-295)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-020",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-020"
},
{
"name": "FEDORA-2020-c9863904de",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC6HLX5SG4PZO6Y54D2LFJ4ATG76BKOP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8156",
"datePublished": "2020-05-12T13:01:22.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:25.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7924 (GCVE-0-2020-7924)
Vulnerability from cvelistv5 – Published: 2021-04-12 16:25 – Updated: 2024-09-16 16:28- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://jira.mongodb.org/browse/TOOLS-2587 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Database Tools |
Affected:
3.6.5 , ≤ 3.6.21
(custom)
Affected: 4.0 , < 4.0.21 (custom) Affected: 4.2 , < 4.2.11 (custom) Affected: 100 , < 100.2.0 (custom) |
|
| MongoDB Inc. | Mongomirror |
Affected:
0.6.0 , < 0*
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-7924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T17:00:33.949728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T17:00:41.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:23.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/TOOLS-2587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Database Tools",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThanOrEqual": "3.6.21",
"status": "affected",
"version": "3.6.5",
"versionType": "custom"
},
{
"lessThan": "4.0.21",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "4.2.11",
"status": "affected",
"version": "4.2",
"versionType": "custom"
},
{
"lessThan": "100.2.0",
"status": "affected",
"version": "100",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mongomirror",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThan": "0*",
"status": "affected",
"version": "0.6.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-11T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.\u003c/p\u003e"
}
],
"value": "Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T13:12:45.355Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.mongodb.org/browse/TOOLS-2587"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Specific command line parameter might result in accepting invalid certificate",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2021-04-12T16:00:00.000Z",
"ID": "CVE-2020-7924",
"STATE": "PUBLIC",
"TITLE": "Specific command line parameter might result in accepting invalid certificate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MongoDB Database Tools",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.6",
"version_value": "3.6.5"
},
{
"version_affected": "\u003c",
"version_name": "3.6",
"version_value": "3.6.21"
},
{
"version_affected": "\u003c",
"version_name": "4.0",
"version_value": "4.0.21"
},
{
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.11"
},
{
"version_affected": "\u003c",
"version_name": "100",
"version_value": "100.2.0"
}
]
}
},
{
"product_name": "Mongomirror",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "0",
"version_value": "0.6.0"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/TOOLS-2587",
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/TOOLS-2587"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2020-7924",
"datePublished": "2021-04-12T16:25:11.147Z",
"dateReserved": "2020-01-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:23.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.