CVE-2017-14806: Improper Certificate Validation in Studio Onsite

Severity: 5.9 MEDIUM (NVD), 3.7 (CNA)
EPSS: 0.1% (top 69.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 27, latest update May 24

Description

An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | suse/studio_onsite | susestudio-common | 1.3.17-56.6.3
NVD | suse/susestudio-ui-server | 1.3.17-56.6.3

Vulnerability Details (2)

GHSA: GHSA-94gx-rm2c-cw59: An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the reposito… (2022-05-24)
CVEList: Insecure handling of repodata and packages in SUSE Studio onsite (2020-01-27)