PT-2015-7512 · Owncloud+2 · Owncloud Desktop Client+2

Publicado

2014-06-27

·

Atualizado

2021-06-16

·

CVE-2015-7298

CVSS v2.0

5.1

Média

VetorAV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions ownCloud Desktop Client versions prior to 2.0.1
Description The issue allows remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. This occurs because the client does not properly handle SSL errors when compiled with a Qt release after 5.3.x, making it easier for attackers to intercept communications.
Recommendations For ownCloud Desktop Client versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of self-signed certificates until a patch is applied. Restrict access to sensitive data and avoid using the client with untrusted networks to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2014-1826
ALT-PU-2014-1827
ALT-PU-2014-1828
ALT-PU-2014-1829
ALT-PU-2014-1830
ALT-PU-2014-1831
ALT-PU-2014-1832
ALT-PU-2014-1833
ALT-PU-2014-1834
ALT-PU-2014-1835
ALT-PU-2014-1836
ALT-PU-2014-1837
ALT-PU-2014-1838
ALT-PU-2014-1839
ALT-PU-2014-1840
ALT-PU-2014-1841
ALT-PU-2014-1842
ALT-PU-2014-1843
ALT-PU-2014-1844
ALT-PU-2014-2468
ALT-PU-2015-1496
ALT-PU-2015-1498
ALT-PU-2015-1499
ALT-PU-2015-1500
ALT-PU-2015-1504
ALT-PU-2015-1508
ALT-PU-2015-1509
ALT-PU-2015-1510
ALT-PU-2015-1511
ALT-PU-2015-1512
ALT-PU-2015-1513
ALT-PU-2015-1514
ALT-PU-2015-1515
ALT-PU-2015-1516
ALT-PU-2015-1517
ALT-PU-2015-1518
ALT-PU-2015-1519
ALT-PU-2015-1520
ALT-PU-2015-1521
ALT-PU-2015-1522
CVE-2015-7298

Produtos afetados

Alt Linux
Qt
Owncloud Desktop Client