Description
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/03/24/3
https://github.com/zaproxy/zaproxy/releases
https://www.openwall.com/lists/oss-security/2022/03/23/1
https://github.com/zaproxy/zaproxy/issues/7165
Related Vulnerabilities
CVE-2017-14063 Vulnerability in maven package org.asynchttpclient:async-http-client-project
CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-master
CVE-2020-2281 Vulnerability in maven package org.6wind.jenkins:lockable-resources
CVE-2019-20330 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2019-16571 Vulnerability in maven package org.jenkins-ci.plugins:rapiddeploy-jenkins