CVE Vulnerabilities

CVE-2015-4456

Published: Oct 26, 2015 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the users certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.

Affected Software

Name Vendor Start Version End Version
Owncloud_desktop_client Owncloud * 1.8.1 (including)
Owncloud-client Ubuntu artful *
Owncloud-client Ubuntu trusty *
Owncloud-client Ubuntu upstream *
Owncloud-client Ubuntu vivid *
Owncloud-client Ubuntu wily *
Owncloud-client Ubuntu yakkety *
Owncloud-client Ubuntu zesty *

References