Description
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
Remediation
References
https://www.openwall.com/lists/oss-security/2022/03/23/1
https://github.com/zaproxy/zaproxy/releases
http://www.openwall.com/lists/oss-security/2022/03/24/3
https://github.com/zaproxy/zaproxy/issues/7165
Related Vulnerabilities
CVE-2022-43433 Vulnerability in maven package io.jenkins.plugins:screenrecorder
CVE-2019-10333 Vulnerability in maven package org.jenkins-ci.plugins:electricflow
CVE-2021-23378 Vulnerability in npm package picotts
CVE-2020-35490 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind