CVE-2018-8059

Name of the Vulnerable Software and Affected Versions: SUSE Portus version 2.3

Description: The issue arises from the Djelibeybi configuration examples for NGINX in SUSE Portus, specifically when these configurations are applied to setups involving Docker Compose. The problem is a Missing SSL Certificate Validation issue, which occurs because the configurations do not utilize any proxy ssl * directives. This oversight can lead to security risks, as it may allow for unvalidated SSL certificates to be used.

Recommendations: For SUSE Portus version 2.3, consider adding the necessary proxy ssl * directives to the NGINX configuration to enable proper SSL certificate validation, especially in setups involving Docker Compose. As a temporary workaround, review and manually validate SSL certificates for all connections until a properly configured version is available.