Lucene search
SuseCVELIST:CVE-2019-3685HistoryNov 05, 2019 - 9:30 a.m.
CVE-2019-3685 Missing TLS certificate validation for HTTPS connections in osc
2019-11-0509:30:41
CWE-295
suse
www.cve.org
5
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
7.7
Confidence
High
EPSS
0.002
Percentile
57.8%
Open Build Service before version 0.165.4 diddn’t validate TLS certificates for HTTPS connections with the osc client binary
CNA Affected
[
{
"product": "Open Build Service",
"vendor": "Open Build Service",
"versions": [
{
"lessThan": "0.165.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2019-3685
2019-11-05 00:00:00
suse
suse
Security update for osc (important)
2019-08-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:2067-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for osc (openSUSE-SU-2019:1844-1)
2020-01-09 00:00:00
prion
prion
Open redirect
2019-11-05 10:15:00
debiancve
debiancve
CVE-2019-3685
2019-11-05 10:15:12
nessus
nessus
openSUSE Security Update : osc (openSUSE-2019-1844)
2019-08-13 00:00:00
SUSE SLES12 Security Update : osc (SUSE-SU-2022:4351-1)
2022-12-08 00:00:00
nvd
nvd
CVE-2019-3685
2019-11-05 10:15:12
cve
cve
CVE-2019-3685
2019-11-05 10:15:12
osv
osv
osc-0.174.0-1.2 on GA media
2024-06-15 00:00:00
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
7.7
Confidence
High
EPSS
0.002
Percentile
57.8%
Related for CVELIST:CVE-2019-3685