Описание
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.1.1+dfsg-1ubuntu1.1 |
| cosmic | not-affected | 2.1.1+dfsg-1ubuntu1.1 |
| devel | not-affected | 2.1.1+dfsg-1ubuntu1.1 |
| disco | not-affected | 2.1.1+dfsg-1ubuntu1.1 |
| esm-apps/bionic | not-affected | 2.1.1+dfsg-1ubuntu1.1 |
| esm-apps/xenial | not-affected | 2.1.1+dfsg-1ubuntu1.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | DNE | |
| precise/esm | DNE |
Показывать по
2.6 Low
CVSS2
Связанные уязвимости
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::igno ...
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.
2.6 Low
CVSS2