CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CVE-2021-29504 (GCVE-0-2021-29504)
Vulnerability from cvelistv5 – Published: 2021-06-07 20:50 – Updated: 2024-08-03 22:11
VLAI
Title
Improper Certificate Validation in WP-CLI framework
Summary
WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself. The vulnerability stems from the fact that the default behavior of `WP_CLI\Utils\http_request()` when encountering a TLS handshake error is to disable certificate validation and retry the same request. The default behavior has been changed with version 2.5.0 of WP-CLI and the `wp-cli/wp-cli` framework (via https://github.com/wp-cli/wp-cli/pull/5523) so that the `WP_CLI\Utils\http_request()` method accepts an `$insecure` option that is `false` by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of `WP_CLI\Utils\http_request()`, including those in separate WP-CLI bundled or third-party packages. https://github.com/wp-cli/wp-cli/pull/5523 has also added an `--insecure` flag to the `cli update` command to counter this breaking change. There is no direct workaround for the default insecure behavior of `wp-cli/wp-cli` versions before 2.5.0. The workaround for dealing with the breaking change in the commands directly affected by the new secure default behavior is to add the `--insecure` flag to manually opt-in to the previous insecure behavior.
Severity
9.1 (Critical)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/wp-cli/wp-cli/security/advisor… | x_refsource_CONFIRM |
| https://github.com/wp-cli/checksum-command/pull/86 | x_refsource_MISC |
| https://github.com/wp-cli/config-command/pull/128 | x_refsource_MISC |
| https://github.com/wp-cli/core-command/pull/186 | x_refsource_MISC |
| https://github.com/wp-cli/extension-command/pull/287 | x_refsource_MISC |
| https://github.com/wp-cli/package-command/pull/138 | x_refsource_MISC |
| https://github.com/wp-cli/wp-cli/pull/5523 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wp-cli/wp-cli/security/advisories/GHSA-rwgm-f83r-v3qj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wp-cli/checksum-command/pull/86"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wp-cli/config-command/pull/128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wp-cli/core-command/pull/186"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wp-cli/extension-command/pull/287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wp-cli/package-command/pull/138"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wp-cli/wp-cli/pull/5523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wp-cli",
"vendor": "wp-cli",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself. The vulnerability stems from the fact that the default behavior of `WP_CLI\\Utils\\http_request()` when encountering a TLS handshake error is to disable certificate validation and retry the same request. The default behavior has been changed with version 2.5.0 of WP-CLI and the `wp-cli/wp-cli` framework (via https://github.com/wp-cli/wp-cli/pull/5523) so that the `WP_CLI\\Utils\\http_request()` method accepts an `$insecure` option that is `false` by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of `WP_CLI\\Utils\\http_request()`, including those in separate WP-CLI bundled or third-party packages. https://github.com/wp-cli/wp-cli/pull/5523 has also added an `--insecure` flag to the `cli update` command to counter this breaking change. There is no direct workaround for the default insecure behavior of `wp-cli/wp-cli` versions before 2.5.0. The workaround for dealing with the breaking change in the commands directly affected by the new secure default behavior is to add the `--insecure` flag to manually opt-in to the previous insecure behavior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-07T20:50:17.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wp-cli/wp-cli/security/advisories/GHSA-rwgm-f83r-v3qj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wp-cli/checksum-command/pull/86"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wp-cli/config-command/pull/128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wp-cli/core-command/pull/186"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wp-cli/extension-command/pull/287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wp-cli/package-command/pull/138"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wp-cli/wp-cli/pull/5523"
}
],
"source": {
"advisory": "GHSA-rwgm-f83r-v3qj",
"discovery": "UNKNOWN"
},
"title": "Improper Certificate Validation in WP-CLI framework",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29504",
"STATE": "PUBLIC",
"TITLE": "Improper Certificate Validation in WP-CLI framework"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wp-cli",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.0"
}
]
}
}
]
},
"vendor_name": "wp-cli"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself. The vulnerability stems from the fact that the default behavior of `WP_CLI\\Utils\\http_request()` when encountering a TLS handshake error is to disable certificate validation and retry the same request. The default behavior has been changed with version 2.5.0 of WP-CLI and the `wp-cli/wp-cli` framework (via https://github.com/wp-cli/wp-cli/pull/5523) so that the `WP_CLI\\Utils\\http_request()` method accepts an `$insecure` option that is `false` by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of `WP_CLI\\Utils\\http_request()`, including those in separate WP-CLI bundled or third-party packages. https://github.com/wp-cli/wp-cli/pull/5523 has also added an `--insecure` flag to the `cli update` command to counter this breaking change. There is no direct workaround for the default insecure behavior of `wp-cli/wp-cli` versions before 2.5.0. The workaround for dealing with the breaking change in the commands directly affected by the new secure default behavior is to add the `--insecure` flag to manually opt-in to the previous insecure behavior."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wp-cli/wp-cli/security/advisories/GHSA-rwgm-f83r-v3qj",
"refsource": "CONFIRM",
"url": "https://github.com/wp-cli/wp-cli/security/advisories/GHSA-rwgm-f83r-v3qj"
},
{
"name": "https://github.com/wp-cli/checksum-command/pull/86",
"refsource": "MISC",
"url": "https://github.com/wp-cli/checksum-command/pull/86"
},
{
"name": "https://github.com/wp-cli/config-command/pull/128",
"refsource": "MISC",
"url": "https://github.com/wp-cli/config-command/pull/128"
},
{
"name": "https://github.com/wp-cli/core-command/pull/186",
"refsource": "MISC",
"url": "https://github.com/wp-cli/core-command/pull/186"
},
{
"name": "https://github.com/wp-cli/extension-command/pull/287",
"refsource": "MISC",
"url": "https://github.com/wp-cli/extension-command/pull/287"
},
{
"name": "https://github.com/wp-cli/package-command/pull/138",
"refsource": "MISC",
"url": "https://github.com/wp-cli/package-command/pull/138"
},
{
"name": "https://github.com/wp-cli/wp-cli/pull/5523",
"refsource": "MISC",
"url": "https://github.com/wp-cli/wp-cli/pull/5523"
}
]
},
"source": {
"advisory": "GHSA-rwgm-f83r-v3qj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29504",
"datePublished": "2021-06-07T20:50:17.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:05.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31892 (GCVE-0-2021-31892)
Vulnerability from cvelistv5 – Published: 2021-07-13 11:02 – Updated: 2024-08-03 23:10
VLAI
Summary
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.
Severity
No CVSS data available.
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04 | x_refsource_MISC |
Impacted products
20 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINUMERIK Analyse MyCondition",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Analyze MyPerformance",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Analyze MyPerformance /OEE-Monitor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Analyze MyPerformance /OEE-Tuning",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Integrate Client 02",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V02.00.12 \u003c 02.00.18"
}
]
},
{
"product": "SINUMERIK Integrate Client 03",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V03.00.12 \u003c 03.00.18"
}
]
},
{
"product": "SINUMERIK Integrate Client 04",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18"
}
]
},
{
"product": "SINUMERIK Integrate for Production 4.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1 SP10 HF3"
}
]
},
{
"product": "SINUMERIK Integrate for Production 5.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V5.1"
}
]
},
{
"product": "SINUMERIK Manage MyMachines",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyMachines /Remote",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyMachines /Spindel Monitor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyPrograms",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyResources /Programs",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyResources /Tools",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyTools",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Operate V4.8",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP8"
}
]
},
{
"product": "SINUMERIK Operate V4.93",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.93 HF7"
}
]
},
{
"product": "SINUMERIK Operate V4.94",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.94 HF5"
}
]
},
{
"product": "SINUMERIK Optimize MyProgramming /NX-Cam Editor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions \u003e= V02.00.12 \u003c 02.00.18), SINUMERIK Integrate Client 03 (All versions \u003e= V03.00.12 \u003c 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions \u003c V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions \u003c V4.8 SP8), SINUMERIK Operate V4.93 (All versions \u003c V4.93 HF7), SINUMERIK Operate V4.94 (All versions \u003c V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-30T18:51:21.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINUMERIK Analyse MyCondition",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Analyze MyPerformance",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Analyze MyPerformance /OEE-Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Analyze MyPerformance /OEE-Tuning",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Integrate Client 02",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V02.00.12 \u003c 02.00.18"
}
]
}
},
{
"product_name": "SINUMERIK Integrate Client 03",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V03.00.12 \u003c 03.00.18"
}
]
}
},
{
"product_name": "SINUMERIK Integrate Client 04",
"version": {
"version_data": [
{
"version_value": "V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18"
}
]
}
},
{
"product_name": "SINUMERIK Integrate for Production 4.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1 SP10 HF3"
}
]
}
},
{
"product_name": "SINUMERIK Integrate for Production 5.1",
"version": {
"version_data": [
{
"version_value": "V5.1"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyMachines",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyMachines /Remote",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyMachines /Spindel Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyPrograms",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyResources /Programs",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyResources /Tools",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyTools",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Operate V4.8",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.8 SP8"
}
]
}
},
{
"product_name": "SINUMERIK Operate V4.93",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.93 HF7"
}
]
}
},
{
"product_name": "SINUMERIK Operate V4.94",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.94 HF5"
}
]
}
},
{
"product_name": "SINUMERIK Optimize MyProgramming /NX-Cam Editor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions \u003e= V02.00.12 \u003c 02.00.18), SINUMERIK Integrate Client 03 (All versions \u003e= V03.00.12 \u003c 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions \u003c V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions \u003c V4.8 SP8), SINUMERIK Operate V4.93 (All versions \u003c V4.93 HF7), SINUMERIK Operate V4.94 (All versions \u003c V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31892",
"datePublished": "2021-07-13T11:02:55.000Z",
"dateReserved": "2021-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:10:30.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32727 (GCVE-0-2021-32727)
Vulnerability from cvelistv5 – Published: 2021-07-12 20:40 – Updated: 2024-08-03 23:33
VLAI
Title
End-to-end encryption device setup did not verify public key
Summary
Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private key belonged to a previously downloaded public certificate. If the Nextcloud instance served a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. The vulnerability is patched in version 3.16.1. As a workaround, do not add additional end-to-end encrypted devices to a user account.
Severity
5.7 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/android/pull/8438 | x_refsource_MISC |
| https://hackerone.com/reports/1189162 | x_refsource_MISC |
| https://github.com/nextcloud/end_to_end_encryptio… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 3.16.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:54.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5v33-r9cm-7736"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/android/pull/8438"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1189162"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/end_to_end_encryption_rfc/blob/7f002996397faefb664019a97ebb0a1e210f64f0/RFC.md#further-devices"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 3.16.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private key belonged to a previously downloaded public certificate. If the Nextcloud instance served a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. The vulnerability is patched in version 3.16.1. As a workaround, do not add additional end-to-end encrypted devices to a user account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T20:40:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5v33-r9cm-7736"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/android/pull/8438"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1189162"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/end_to_end_encryption_rfc/blob/7f002996397faefb664019a97ebb0a1e210f64f0/RFC.md#further-devices"
}
],
"source": {
"advisory": "GHSA-5v33-r9cm-7736",
"discovery": "UNKNOWN"
},
"title": "End-to-end encryption device setup did not verify public key",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32727",
"STATE": "PUBLIC",
"TITLE": "End-to-end encryption device setup did not verify public key"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 3.16.1"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private key belonged to a previously downloaded public certificate. If the Nextcloud instance served a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. The vulnerability is patched in version 3.16.1. As a workaround, do not add additional end-to-end encrypted devices to a user account."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5v33-r9cm-7736",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5v33-r9cm-7736"
},
{
"name": "https://github.com/nextcloud/android/pull/8438",
"refsource": "MISC",
"url": "https://github.com/nextcloud/android/pull/8438"
},
{
"name": "https://hackerone.com/reports/1189162",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1189162"
},
{
"name": "https://github.com/nextcloud/end_to_end_encryption_rfc/blob/7f002996397faefb664019a97ebb0a1e210f64f0/RFC.md#further-devices",
"refsource": "MISC",
"url": "https://github.com/nextcloud/end_to_end_encryption_rfc/blob/7f002996397faefb664019a97ebb0a1e210f64f0/RFC.md#further-devices"
}
]
},
"source": {
"advisory": "GHSA-5v33-r9cm-7736",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32727",
"datePublished": "2021-07-12T20:40:13.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:54.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32728 (GCVE-0-2021-32728)
Vulnerability from cvelistv5 – Published: 2021-08-18 16:00 – Updated: 2024-08-03 23:33
VLAI
Title
End-to-end encryption device setup did not verify public key
Summary
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading.
Severity
6.5 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://hackerone.com/reports/1189162 | x_refsource_MISC |
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/desktop/pull/3338 | x_refsource_MISC |
| https://www.debian.org/security/2021/dsa-4974 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 3.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:54.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1189162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/desktop/pull/3338"
},
{
"name": "DSA-4974",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-19T23:06:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1189162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/desktop/pull/3338"
},
{
"name": "DSA-4974",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4974"
}
],
"source": {
"advisory": "GHSA-f5fr-5gcv-6cc5",
"discovery": "UNKNOWN"
},
"title": "End-to-end encryption device setup did not verify public key",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32728",
"STATE": "PUBLIC",
"TITLE": "End-to-end encryption device setup did not verify public key"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 3.3.0"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1189162",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1189162"
},
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5"
},
{
"name": "https://github.com/nextcloud/desktop/pull/3338",
"refsource": "MISC",
"url": "https://github.com/nextcloud/desktop/pull/3338"
},
{
"name": "DSA-4974",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4974"
}
]
},
"source": {
"advisory": "GHSA-f5fr-5gcv-6cc5",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32728",
"datePublished": "2021-08-18T16:00:13.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:54.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32755 (GCVE-0-2021-32755)
Vulnerability from cvelistv5 – Published: 2021-07-13 20:55 – Updated: 2024-08-03 23:33
VLAI
Title
Certificate pinning is not enforced on the web socket connection
Summary
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.
Severity
5.4 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/wireapp/wire-ios-transport/sec… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| wireapp | wire-ios-transport |
Affected:
= 3.8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wire-ios-transport",
"vendor": "wireapp",
"versions": [
{
"status": "affected",
"version": "= 3.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T20:55:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v"
}
],
"source": {
"advisory": "GHSA-v8mx-h3vj-w39v",
"discovery": "UNKNOWN"
},
"title": "Certificate pinning is not enforced on the web socket connection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32755",
"STATE": "PUBLIC",
"TITLE": "Certificate pinning is not enforced on the web socket connection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wire-ios-transport",
"version": {
"version_data": [
{
"version_value": "= 3.8.2"
}
]
}
}
]
},
"vendor_name": "wireapp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v",
"refsource": "CONFIRM",
"url": "https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v"
}
]
},
"source": {
"advisory": "GHSA-v8mx-h3vj-w39v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32755",
"datePublished": "2021-07-13T20:55:09.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:55.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34599 (GCVE-0-2021-34599)
Vulnerability from cvelistv5 – Published: 2021-12-01 09:00 – Updated: 2024-09-17 02:32
VLAI
Title
Improper Certificate Validation in CODESYS Git
Summary
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.
Severity
7.4 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://customers.codesys.com/index.php?eID=dumpF… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Git |
Affected:
CODESYS Git , < V1.1.0.0
(custom)
|
Date Public
2021-12-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16959\u0026token=3ce11e44a3277c4520d732ea2e630f2e06bd46ff\u0026download"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Git",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V1.1.0.0",
"status": "affected",
"version": "CODESYS Git",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T09:00:15.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16959\u0026token=3ce11e44a3277c4520d732ea2e630f2e06bd46ff\u0026download"
}
],
"solutions": [
{
"lang": "en",
"value": "CODESYS GmbH has released CODESYS Git V1.1.0.0 to solve this vulnerability issue.\nCODESYS Git V1.1.0.0 can be downloaded and installed directly with the CODESYS Installer. CODESYS Git\nrequires a CODESYS Development System version of V3.5.17.0 or newer."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Improper Certificate Validation in CODESYS Git",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-12-01T07:00:00.000Z",
"ID": "CVE-2021-34599",
"STATE": "PUBLIC",
"TITLE": "Improper Certificate Validation in CODESYS Git"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Git",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "CODESYS Git",
"version_value": "V1.1.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16959\u0026token=3ce11e44a3277c4520d732ea2e630f2e06bd46ff\u0026download",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16959\u0026token=3ce11e44a3277c4520d732ea2e630f2e06bd46ff\u0026download"
}
]
},
"solution": [
{
"lang": "en",
"value": "CODESYS GmbH has released CODESYS Git V1.1.0.0 to solve this vulnerability issue.\nCODESYS Git V1.1.0.0 can be downloaded and installed directly with the CODESYS Installer. CODESYS Git\nrequires a CODESYS Development System version of V3.5.17.0 or newer."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34599",
"datePublished": "2021-12-01T09:00:15.883Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:32:29.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3460 (GCVE-0-2021-3460)
Vulnerability from cvelistv5 – Published: 2021-04-13 20:41 – Updated: 2024-08-03 16:53
VLAI
Summary
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
Severity
8.1 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://motorolamentor.zendesk.com/hc/en-us/artic… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MH702x",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2.0.0.301",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T20:41:43.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Motorola MH702x devices to firmware version 2.0.0.301."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MH702x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0.0.301"
}
]
}
}
]
},
"vendor_name": "Motorola"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249",
"refsource": "MISC",
"url": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Motorola MH702x devices to firmware version 2.0.0.301."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3460",
"datePublished": "2021-04-13T20:41:43.000Z",
"dateReserved": "2021-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:53:17.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3618 (GCVE-0-2021-3618)
Vulnerability from cvelistv5 – Published: 2022-03-23 00:00 – Updated: 2024-08-03 17:01
VLAI
Summary
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623"
},
{
"tags": [
"x_transferred"
],
"url": "https://alpaca-attack.com/"
},
{
"name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALPACA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vsftpd 3.0.4, nginx 1.21.0, sendmail 8.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim\u0027s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623"
},
{
"url": "https://alpaca-attack.com/"
},
{
"name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3618",
"datePublished": "2022-03-23T00:00:00.000Z",
"dateReserved": "2021-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3636 (GCVE-0-2021-3636)
Vulnerability from cvelistv5 – Published: 2021-07-30 19:27 – Updated: 2024-08-03 17:01
VLAI
Summary
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.
Severity
No CVSS data available.
CWE
- CWE-295 - >CWE-287
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1978621 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "openshift 4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295-\u003eCWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-30T19:27:06.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openshift",
"version": {
"version_data": [
{
"version_value": "openshift 4.8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295-\u003eCWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3636",
"datePublished": "2021-07-30T19:27:06.000Z",
"dateReserved": "2021-07-02T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3698 (GCVE-0-2021-3698)
Vulnerability from cvelistv5 – Published: 2022-03-08 14:07 – Updated: 2024-08-03 17:01
VLAI
Summary
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1992149 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cockpit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "cockpit versions prior to 260"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T14:07:49.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cockpit",
"version": {
"version_data": [
{
"version_value": "cockpit versions prior to 260"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1992149",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3698",
"datePublished": "2022-03-08T14:07:49.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
Phase: Implementation
Description:
- If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.