CVE ID(s)
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
CVE-2020-26234
(The CVE explicitly talks about hostname verification, but at the same time it also had an insecure TrustManager implementation, see here: https://github.com/opencast/opencast/blob/640c5017db13b0c1875b2fe52360f873a074291c/modules/kernel/src/main/java/org/opencastproject/kernel/http/impl/HttpClientImpl.java#L119-L153)
CVE-2020-13955
(The CVE explicitly talks about hostname verification, but at the same time it also had an insecure TrustManager implementation, see here: apache/calcite@43eeafc and https://github.com/apache/calcite/blob/3d13846a13398a1ba6c1fa84a7d0c0cc543f23d4/core/src/main/java/org/apache/calcite/runtime/TrustAllSslSocketFactory.java#L50)
CVE-2021-21385 (GHSA-9657-33wf-rmvx)
Note that the fixed code is written in Kotlin; the app has recently been converted to a Kotlin app and the issue has been found in the semantically equivalent Java version.
CVE-2021-32700 (GHSA-f5qg-fqrw-v5ww)
This issue would have allowed a supply-chain-attack/RCE against users of Ballerina via a MitM.
The fix commit is here: ballerina-platform/ballerina-lang@2476dcf#diff-bb49a1821c5dd9c8b726befeabc0a090e449952fd6a876106216685c8946258e
Report
Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.
An insecure TrustManager is an implementation of the TrustManager interface where the checkServerTrusted method trusts any certificate because it never throws a CertificateException.
As the TrustManager trusts any certificate, an attacker can create a self-signed certificate that will be accepted, as any certificate is trusted. This allows a MiTM attack against the connection, making it possible to steal sensitive secrets such as login data or other tokens.
Query
github/codeql#4879
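The pattern the report describes, next to one way to avoid it when a client must trust a specific (for example self-signed) certificate. This is an added example, not code from the original issue or from any of the listed projects; the class name `TrustManagerExample`, the field `TRUST_ALL`, the method `contextTrusting` and the certificate-file argument are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class and member names, chosen for this example.
public class TrustManagerExample {
    // INSECURE (what the report describes): checkServerTrusted never throws
    // CertificateException, so any chain, including self-signed, is accepted.
    static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    // Hardened: trust only the certificates in certFile (PEM or DER), validated
    // by the platform's TrustManagerFactory instead of a hand-written TrustManager.
    static SSLContext contextTrusting(Path certFile) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory store
        int count = 0;
        try (InputStream in = Files.newInputStream(certFile)) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                ks.setCertificateEntry("trusted-" + count++, c);
            }
        }
        if (count == 0) throw new IllegalArgumentException("no certificate in " + certFile);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // null SecureRandom = default
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) { System.err.println("usage: TrustManagerExample <cert-file>"); return; }
        SSLContext ctx = contextTrusting(Paths.get(args[0]));
        // Pass ctx.getSocketFactory() to the client; keep default hostname verification.
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```

When the server's certificate chains to a CA in the platform trust store, no custom code is needed: the default `SSLContext` already validates it.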