Man-in-the-Middle Vulnerability in ownCloud Desktop Client
CVE-2015-7298

Currently unrated

Key Information:

Vendor: Owncloud
Status: Owncloud Desktop Client; Qt
Vendor: CVE Published:; 26 October 2015

What is CVE-2015-7298?

The ownCloud Desktop Client prior to version 2.0.1 is susceptible to man-in-the-middle attacks due to improper handling of SSL errors. Specifically, when compiled with a Qt release beyond 5.3.x, the client fails to appropriately invoke QNetworkReply::ignoreSslErrors with the necessary list of errors to be ignored. This oversight allows attackers to exploit connections using self-signed certificates, posing a significant risk to user data integrity and confidentiality.

References

https://owncloud.org/security/advisory/?id=oc-sa-2015-016

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2015
Vulnerability Reserved
Sep 21, 2015

Owncloud

What is CVE-2015-7298?

References

Timeline