CVE-2015-7298

Published: 10/26/2015 Last updated: 8/6/2024 Reserved: 9/21/2015

ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-qt oqamldebug

Products affected (1)

Product	Vendor	Version
n/a	n/a	12.2.3

References (2)

https://owncloud.org/security/advisory/?id=oc-sa-2015-016
https://owncloud.org/security/advisory/?id=oc-sa-2015-016