Open Build Service before version 0.165.4 Improper Certificate Validation Vulnerability

Summary

Open Build Service before version 0.165.4 suffers from improper certificate validation vulnerability.

Credit:

The information has been provided by Vendor

The original article can be found at:https://bugzilla.suse.com/show_bug.cgi?id=1142518


Details

Open Build Service before version 0.165.4 didn’t validate TLS certificates for HTTPS connections with the OSC client binary

 

Vulnerable Systems:

Open Build Service before version 0.165.4 

 

CVE Information:

CVE-2019-3685

Disclosure Timeline:
Published Date:11/5/2019