Veracode Vulnerability Database: VERACODE:46736
History: May 03, 2024 - 7:44 a.m.

Improper Certificate Validation

2024-05-03 07:44:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
transifex-client vulnerability
certificate validation
man-in-the-middle attack
x.509 certificates
data transfer connections

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score: 7
Confidence: High

EPSS: 0.001
Percentile: 35.2%

transifex-client is vulnerable to Improper Certificate Validation. The vulnerability is due to not validating X.509 certificates during data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.
