CVE-2019-3685 HIGH

CVE-2019-3685: Missing TLS certificate validation for HTTPS connections in osc

Vendor Open Build Service
Product Open Build Service
Weakness CWE-295
Published November 5, 2019
Last update September 16, 2024

CVSS base score

7.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary.

Key dates

02 Disclosure timeline

November 5, 2019 CVE published
September 16, 2024 Record updated