Insecure handling of repodata and packages in SUSE Studio onlite

CVE-2017-14806

3.7LOW

Key Information

Vendor: Suse
Status: Studio Onsite
Vendor: CVE Published:; 27 January 2020

Summary

A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.

Affected Version(s)

Studio onsite <= 1.3.17-56.6.3

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 5.9 to: 3.7 - (LOW)
Feb 22, 2024
Vulnerability published.
Jan 27, 2020
Vulnerability Reserved.
Sep 27, 2017

Collectors

NVD DatabaseMitre Database

Credit

Johannes Segitz of SUSE