1737797 – (CVE-2019-3685) CVE-2019-3685 osc: ails to adequately verify TLS certificates allowing for a man in the middle attack

Bug 1737797 (CVE-2019-3685) - CVE-2019-3685 osc: ails to adequately verify TLS certificates allowing for a man in the middle attack

Summary: CVE-2019-3685 osc: ails to adequately verify TLS certificates allowing for a ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-3685
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-08-06 09:01 UTC by Marian Rehak
Modified:	2020-01-01 17:41 UTC (History)
CC List:	3 users (show)
Fixed In Version:	osc-0.166.2-272.1.2.fc30, osc-0.166.2-272.1.2.fc31
Clone Of:
Environment:
Last Closed:	2020-01-01 17:41:40 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2019-08-06 09:01:00 UTC

osc (Open Build Service Commander), versions 0.165.0 through 0.165.2, fails to adequately verify TLS certificates. This allows for man-in-the-middle attacks on HTTPS connections

Comment 1 Neal Gompa 2020-01-01 17:41:40 UTC

This has been fixed in Fedora since osc-0.166.2-272.1.2.

Note You need to log in before you can comment on or make changes to this bug.