[Java]: CVE-2020-26234 - Insecure TrustManager - MiTM 

## CVE ID(s)

*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*

[CVE-2020-26234](https://github.com/advisories/GHSA-44cw-p2hm-gpf6)

## Report
*Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.*

A insecure ``TrustManager`` is an implementation of the ``TrustManager`` interface, where the checkServerTrusted method trusts any certificate because it never throws a CertificateException.
As the ``TrustManager`` trusts any certificate, an attacker can create a self-signed certificate that will be accepted as any certificate is trusted. This leads to a MiTM attack against the connection thereby stealing sensitive secrets such as login data or other tokens is possible.



- [ ] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*

##Query:

github/codeql#4879

## Result(s)

[CVE-2020-26234](https://github.com/advisories/GHSA-44cw-p2hm-gpf6)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE ID(s)

Report

Result(s)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Description

CVE ID(s)

Report

Result(s)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions