CVE-2015-4456 — Owncloud-client vulnerability

8 documents4 sources

Severity

5.1MEDIUMNVD

NVD2.6OSV2.6

EPSS

0.2%

top 63.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Owncloud-client Owncloud Desktop Client QT

Timeline

PublishedOct 26

Latest updateMay 17

Description

ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶NVDowncloud/owncloud_desktop_client2.0.0+1

▶debiandebian/owncloud-client< owncloud-client 1.8.4+dfsg-1 (bookworm)+1

▶NVDqt/qt5.3.0, 5.4.1+1

🔴Vulnerability Details

GHSA

GHSA-p85q-834g-x9vx: ownCloud Desktop Client before 1↗2022-05-17

▶

GHSA

GHSA-r285-rhx6-98jv: ownCloud Desktop Client before 2↗2022-05-13

▶

OSV

CVE-2015-4456: ownCloud Desktop Client before 1↗2015-10-26

▶

OSV

CVE-2015-7298: ownCloud Desktop Client before 2↗2015-10-26

▶

📋Vendor Advisories

Debian

CVE-2015-4456: owncloud-client - ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslError...↗2015

▶

Debian

CVE-2015-7298: owncloud-client - ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3....↗2015

▶