CWE-599
Missing Validation of OpenSSL Certificate
The product uses OpenSSL and trusts or uses a certificate without calling the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements. Note that a result of X509_V_OK only confirms that chain verification passed (and is also returned when the peer presented no certificate at all), so the verify mode (SSL_VERIFY_PEER) and hostname matching must be configured separately for the check to be meaningful.
CVE-2021-21374 (GCVE-0-2021-21374)
Vulnerability from cvelistv5
Published
2021-03-26 21:25
Modified
2024-08-03 18:09
CWE
Summary
Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate, due to the default setting of httpClient. An attacker able to perform a MitM can deliver a modified package list containing malicious software packages. If those packages are installed and used, the attack escalates to untrusted code execution.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:09:15.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nim-lang/Nim/pull/16940" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "security", "vendor": "nim-lang", "versions": [ { "status": "affected", "version": "\u003c 1.2.10" }, { "status": "affected", "version": "\u003e= 1.4.0, \u003c 1.4.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-348", "description": "CWE-348 Use of Less Trusted Source", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-599", "description": "CWE-599: Missing Validation of OpenSSL Certificate", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-349", "description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-26T21:25:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nim-lang/Nim/pull/16940" } ], "source": { "advisory": "GHSA-c2wm-v66h-xhxx", "discovery": "UNKNOWN" }, "title": "Nimble fails to validate certificates due to insecure httpClient defaults", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21374", "STATE": "PUBLIC", "TITLE": "Nimble fails to validate certificates due to insecure httpClient defaults" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "security", "version": { "version_data": [ { 
"version_value": "\u003c 1.2.10" }, { "version_value": "\u003e= 1.4.0, \u003c 1.4.4" } ] } } ] }, "vendor_name": "nim-lang" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-348 Use of Less Trusted Source" } ] }, { "description": [ { "lang": "eng", "value": "CWE-599: Missing Validation of OpenSSL Certificate" } ] }, { "description": [ { "lang": "eng", "value": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data" } ] } ] }, "references": { "reference_data": [ { "name": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/", "refsource": "MISC", "url": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/" }, { "name": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130", "refsource": "MISC", "url": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130" }, { "name": 
"https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx", "refsource": "CONFIRM", "url": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx" }, { "name": "https://github.com/nim-lang/Nim/pull/16940", "refsource": "MISC", "url": "https://github.com/nim-lang/Nim/pull/16940" } ] }, "source": { "advisory": "GHSA-c2wm-v66h-xhxx", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21374", "datePublished": "2021-03-26T21:25:14", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:15.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-31105 (GCVE-0-2022-31105)
Vulnerability from cvelistv5
Published
2022-07-12 22:05
Modified
2025-04-23 18:02
Summary
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. Those who use an external OIDC provider (not the bundled Dex instance) can mitigate the issue by setting the `oidc.config.rootCA` field in the `argocd-cm` ConfigMap. This mitigation only forces certificate validation when the API server handles login flows; it does not force certificate verification when verifying tokens on API calls.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:11:39.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.3.6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.4.5" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-31105", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:51:34.574172Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T18:02:44.544Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "argo-cd", "vendor": "argoproj", "versions": [ { "status": "affected", "version": "\u003e= 0.4.0, \u003c 2.2.11" }, { "status": "affected", "version": "\u003e= 2.3.0, \u003c 2.3.6" }, { "status": "affected", "version": "\u003e= 2.4.0, \u003c 2.4.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. 
Those who use an external OIDC provider (not the bundled Dex instance), can mitigate the issue by setting the `oidc.config.rootCA` field in the `argocd-cm` ConfigMap. This mitigation only forces certificate validation when the API server handles login flows. It does not force certificate verification when verifying tokens on API calls." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-599", "description": "CWE-599: Missing Validation of OpenSSL Certificate", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-12T22:05:11.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.3.6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.4.5" } ], "source": { "advisory": "GHSA-7943-82jg-wmw5", "discovery": "UNKNOWN" }, "title": "Argo CD\u0027s certificate verification is skipped for connections to OIDC providers", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31105", "STATE": "PUBLIC", "TITLE": "Argo CD\u0027s certificate verification is skipped for connections to OIDC providers" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { 
"product_name": "argo-cd", "version": { "version_data": [ { "version_value": "\u003e= 0.4.0, \u003c 2.2.11" }, { "version_value": "\u003e= 2.3.0, \u003c 2.3.6" }, { "version_value": "\u003e= 2.4.0, \u003c 2.4.5" } ] } } ] }, "vendor_name": "argoproj" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. Those who use an external OIDC provider (not the bundled Dex instance), can mitigate the issue by setting the `oidc.config.rootCA` field in the `argocd-cm` ConfigMap. This mitigation only forces certificate validation when the API server handles login flows. It does not force certificate verification when verifying tokens on API calls." 
} ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-295: Improper Certificate Validation" } ] }, { "description": [ { "lang": "eng", "value": "CWE-599: Missing Validation of OpenSSL Certificate" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5", "refsource": "CONFIRM", "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5" }, { "name": "https://github.com/argoproj/argo-cd/releases/tag/v2.3.6", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.3.6" }, { "name": "https://github.com/argoproj/argo-cd/releases/tag/v2.4.5", "refsource": "MISC", "url": "https://github.com/argoproj/argo-cd/releases/tag/v2.4.5" } ] }, "source": { "advisory": "GHSA-7943-82jg-wmw5", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31105", "datePublished": "2022-07-12T22:05:11.000Z", "dateReserved": "2022-05-18T00:00:00.000Z", "dateUpdated": "2025-04-23T18:02:44.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Architecture and Design
Description:
- Ensure that proper authentication is included in the system design.
Mitigation
Phase: Implementation
Description:
- Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications, including chain validation against a trusted root, hostname matching, and validity-period checks, rather than relying on a library's default settings.
No CAPEC attack patterns are related to this CWE.