CVE-2015-7298Owncloud-client vulnerability

4 documents4 sources
Severity
5.1MEDIUMNVD
OSV2.6
EPSS
0.2%
top 51.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Owncloud-clientOwncloud Desktop ClientQT
Timeline
PublishedOct 26
Latest updateMay 13

Description

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

debiandebian/owncloud-client< owncloud-client 2.0.0+dfsg-1 (bookworm)
NVDqt/qt5.3.0, 5.4.1+1

🔴Vulnerability Details

2
GHSA
GHSA-r285-rhx6-98jv: ownCloud Desktop Client before 22022-05-13
OSV
CVE-2015-7298: ownCloud Desktop Client before 22015-10-26

📋Vendor Advisories

1
Debian
CVE-2015-7298: owncloud-client - ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3....2015