7.7
CVE-2019-3685
- EPSS 0.18%
- Veröffentlicht 05.11.2019 10:15:12
- Zuletzt bearbeitet 21.11.2024 04:42:19
- Quelle meissner@suse.de
- CVE-Watchlists
- Unerledigt
LoginMissing TLS certificate validation for HTTPS connections in osc
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensuse ≫ Open Build Service Version < 0.165.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.397 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.7 | 2.2 | 5.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| meissner@suse.de | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.