Insecure handling of repodata and packages in SUSE Studio onlite
CVE-2017-14806

3.7LOW

Key Information:

Vendor
Suse
Status
Studio Onsite
Vendor
CVE Published:
27 January 2020

Summary

A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.

Affected Version(s)

Studio onsite susestudio-common <= 1.3.17-56.6.3

References

https://bugzilla.suse.com/show_bug.cgi?id=1065397
x_refsource_CONFIRM

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Johannes Segitz of SUSE
.