Insecure handling of repodata and packages in SUSE Studio onlite
CVE-2017-14806

3.7LOW

Key Information:

Vendor: Suse
Status: Studio Onsite
Vendor: CVE Published:; 27 January 2020

What is CVE-2017-14806?

A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.

Affected Version(s)

Studio onsite susestudio-common <= 1.3.17-56.6.3

References

https://bugzilla.suse.com/show_bug.cgi?id=1065397

x_refsource_CONFIRM

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2020
Vulnerability Reserved
Sep 27, 2017

Credit

Johannes Segitz of SUSE

Suse

What is CVE-2017-14806?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit