Unrated severityNVD Advisory· Published Nov 5, 2019· Updated Sep 16, 2024
Missing TLS certificate validation for HTTPS connections in osc
CVE-2019-3685
Description
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- Range: <0.165.4
- osv-coords4 versionspkg:rpm/opensuse/osc&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/osc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/osc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/osc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 0.165.4-lp151.2.6.1+ 3 more
- (no CPE)range: < 0.165.4-lp151.2.6.1
- (no CPE)range: < 0.174.0-1.2
- (no CPE)range: < 0.165.4-3.9.1
- (no CPE)range: < 0.182.0-15.12.1
- Open Build Service/Open Build Servicev5Range: unspecified
Patches
Vulnerability mechanics
References
1- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.