Vulnerability-Lookup

CVE-2019-3685 (GCVE-0-2019-3685)

Vulnerability from cvelistv5 – Published: 2019-11-05 09:30 – Updated: 2024-09-16 16:49

Title

Missing TLS certificate validation for HTTPS connections in osc

Summary

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-295 - Improper Certificate Validation

Assigner

suse

References

1 reference

URL	Tags
https://bugzilla.suse.com/show_bug.cgi?id=1142518	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Open Build Service	Open Build Service	Affected: unspecified , < 0.165.4 (custom)

Date Public

2019-07-23 00:00

Credits

Wolfgang Frisch of SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:16.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142518"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Open Build Service",
          "vendor": "Open Build Service",
          "versions": [
            {
              "lessThan": "0.165.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Wolfgang Frisch of SUSE"
        }
      ],
      "datePublic": "2019-07-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-05T09:30:41.000Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142518"
        }
      ],
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1142518",
        "defect": [
          "1142518"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Missing TLS certificate validation for HTTPS connections in osc",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "DATE_PUBLIC": "2019-07-23T00:00:00.000Z",
          "ID": "CVE-2019-3685",
          "STATE": "PUBLIC",
          "TITLE": "Missing TLS certificate validation for HTTPS connections in osc"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Open Build Service",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.165.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Open Build Service"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Wolfgang Frisch of SUSE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-295: Improper Certificate Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1142518",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142518"
            }
          ]
        },
        "source": {
          "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1142518",
          "defect": [
            "1142518"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2019-3685",
    "datePublished": "2019-11-05T09:30:41.212Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:49:06.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-3685",
      "date": "2026-05-28",
      "epss": "0.0018",
      "percentile": "0.39286"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.165.4\", \"matchCriteriaId\": \"7D01CFBC-5D13-45F7-B49A-59605D139704\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary\"}, {\"lang\": \"es\", \"value\": \"Open Build Service anterior a la versi\\u00f3n 0.165.4, no valid\\u00f3 los certificados TLS para las conexiones HTTPS con el binario del cliente osc\"}]",
      "id": "CVE-2019-3685",
      "lastModified": "2024-11-21T04:42:19.757",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"meissner@suse.de\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-11-05T10:15:12.653",
      "references": "[{\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1142518\", \"source\": \"meissner@suse.de\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1142518\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "meissner@suse.de",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"meissner@suse.de\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3685\",\"sourceIdentifier\":\"meissner@suse.de\",\"published\":\"2019-11-05T10:15:12.653\",\"lastModified\":\"2024-11-21T04:42:19.757\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary\"},{\"lang\":\"es\",\"value\":\"Open Build Service anterior a la versi\u00f3n 0.165.4, no valid\u00f3 los certificados TLS para las conexiones HTTPS con el binario del cliente osc\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":5.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.165.4\",\"matchCriteriaId\":\"7D01CFBC-5D13-45F7-B49A-59605D139704\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1142518\",\"source\":\"meissner@suse.de\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1142518\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

BDU:2020-01354

Vulnerability from fstec - Published: 05.11.2019

Title

Уязвимость программной платфоры Open Build Service, связанная с ошибками подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности и реализовать атаку типа «человек посередине»

Description

Уязвимость программной платфоры Open Build Service связана с ошибками подтверждения подлинности сертификата. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующие ограничения безопасности и реализовать атаку типа «человек посередине»

Severity


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Vendor

Novell Inc.

Software Name

SUSE Linux Enterprise Module for Open Buildservice Development Tools, OpenSUSE Leap

Software Version

15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap)

Possible Mitigations

Использование рекомендаций производителя: https://www.suse.com/security/cve/CVE-2019-3685/

Reference

https://www.suse.com/security/cve/CVE-2019-3685/ https://nvd.nist.gov/vuln/detail/CVE-2019-3685

CWE

CWE-295

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:P",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.suse.com/security/cve/CVE-2019-3685/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.11.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.06.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.04.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01354",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-3685",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SUSE Linux Enterprise Module for Open Buildservice Development Tools, OpenSUSE Leap",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 15.1 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u044b Open Build Service, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0442\u0438\u043f\u0430 \u00ab\u0447\u0435\u043b\u043e\u0432\u0435\u043a \u043f\u043e\u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435\u00bb",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 (CWE-295)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u044b Open Build Service \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0442\u0438\u043f\u0430 \u00ab\u0447\u0435\u043b\u043e\u0432\u0435\u043a \u043f\u043e\u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435\u00bb",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/security/cve/CVE-2019-3685/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3685",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-295",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,7)"
}

FKIE_CVE-2019-3685

Vulnerability from fkie_nvd - Published: 2019-11-05 10:15 - Updated: 2024-11-21 04:42

Severity

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Summary

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary

References

	URL	Tags
	meissner@suse.de	https://bugzilla.suse.com/show_bug.cgi?id=1142518	Exploit, Issue Tracking, Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.suse.com/show_bug.cgi?id=1142518	Exploit, Issue Tracking, Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	opensuse	open_build_service	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D01CFBC-5D13-45F7-B49A-59605D139704",
              "versionEndExcluding": "0.165.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary"
    },
    {
      "lang": "es",
      "value": "Open Build Service anterior a la versi\u00f3n 0.165.4, no valid\u00f3 los certificados TLS para las conexiones HTTPS con el binario del cliente osc"
    }
  ],
  "id": "CVE-2019-3685",
  "lastModified": "2024-11-21T04:42:19.757",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "meissner@suse.de",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-05T10:15:12.653",
  "references": [
    {
      "source": "meissner@suse.de",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142518"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J9GX-CCW3-W6CF

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00

Details

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3685"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-05T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary",
  "id": "GHSA-j9gx-ccw3-w6cf",
  "modified": "2022-05-24T17:00:22Z",
  "published": "2022-05-24T17:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3685"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142518"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2019-3685

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary

Aliases

CVE-2019-3685

Aliases

CVE-2019-3685

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-3685",
    "description": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary",
    "id": "GSD-2019-3685",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-3685.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-3685"
      ],
      "details": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary",
      "id": "GSD-2019-3685",
      "modified": "2023-12-13T01:24:03.015020Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@suse.com",
        "DATE_PUBLIC": "2019-07-23T00:00:00.000Z",
        "ID": "CVE-2019-3685",
        "STATE": "PUBLIC",
        "TITLE": "Missing TLS certificate validation for HTTPS connections in osc"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Open Build Service",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "0.165.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Open Build Service"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Wolfgang Frisch of SUSE"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-295: Improper Certificate Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.suse.com/show_bug.cgi?id=1142518",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142518"
          }
        ]
      },
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1142518",
        "defect": [
          "1142518"
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:opensuse:open_build_service:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.165.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2019-3685"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1142518",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142518"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.5
        }
      },
      "lastModifiedDate": "2019-11-08T16:35Z",
      "publishedDate": "2019-11-05T10:15Z"
    }
  }
}

OPENSUSE-SU-2019:1844-1

Vulnerability from csaf_opensuse - Published: 2019-08-12 14:08 - Updated: 2019-08-12 14:08

Summary

Security update for osc

Severity

Important

Notes

Title of the patch: Security update for osc

Description of the patch: This update for osc to version 0.165.4 fixes the following issues: Security issue fixed: - CVE-2019-3685: Fixed broken TLS certificate handling allowing for a Man-in-the-middle attack (bsc#1142518). Non-security issues fixed: - support different token operations (runservice, release and rebuild) (requires OBS 2.10) - fix osc token decode error - offline build mode is now really offline and does not try to download the buildconfig - osc build -define now works with python3 - fixes an issue where the error message on osc meta -e was not parsed correctly - osc maintainer -s now works with python3 - simplified and fixed osc meta -e (bsc#1138977) - osc lbl now works with non utf8 encoding (bsc#1129889) - add simpleimage as local build type - allow optional fork when creating a maintenance request - fix RPMError fallback - fix local caching for all package formats - fix appname for trusted cert store - osc -h does not break anymore when using plugins - switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing. This will fix all decoding issues with osc diff, osc ci and osc rq -d - fix osc ls -lb handling empty size and mtime - removed decoding on osc api command. This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patchnames: openSUSE-2019-1844

CVE-2019-3685

7.4 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:osc-0.165.4-lp151.2.6.1.noarch		—	Vendor Fix

Threats

Impact important

References

14 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1129889	self
https://bugzilla.suse.com/1138977	self
https://bugzilla.suse.com/1140697	self
https://bugzilla.suse.com/1142518	self
https://bugzilla.suse.com/1142662	self
https://bugzilla.suse.com/1144211	self
https://www.suse.com/security/cve/CVE-2019-3685/	self
https://www.suse.com/security/cve/CVE-2019-3685	external
https://bugzilla.suse.com/1142518	external
https://bugzilla.suse.com/1142662	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for osc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for osc to version 0.165.4 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-3685: Fixed broken TLS certificate handling allowing for a Man-in-the-middle attack (bsc#1142518).\n\nNon-security issues fixed:\n\n- support different token operations (runservice, release and rebuild) (requires OBS 2.10)\n- fix osc token decode error\n- offline build mode is now really offline and does not try to download the buildconfig\n- osc build -define now works with python3\n- fixes an issue where the error message on osc meta -e was not parsed correctly\n- osc maintainer -s now works with python3\n- simplified and fixed osc meta -e (bsc#1138977) \n- osc lbl now works with non utf8 encoding (bsc#1129889)\n- add simpleimage as local build type \n- allow optional fork when creating a maintenance request\n- fix RPMError fallback\n- fix local caching for all package formats\n- fix appname for trusted cert store\n- osc -h does not break anymore when using plugins \n- switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing.\n  This will fix all decoding issues with osc diff, osc ci and osc rq -d\n- fix osc ls -lb handling empty size and mtime\n- removed decoding on osc api command.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1844",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1844-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1844-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M2AIZJVEMKESSHPXKBTNWAXKY4GTXTFO/#M2AIZJVEMKESSHPXKBTNWAXKY4GTXTFO"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1844-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M2AIZJVEMKESSHPXKBTNWAXKY4GTXTFO/#M2AIZJVEMKESSHPXKBTNWAXKY4GTXTFO"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1129889",
        "url": "https://bugzilla.suse.com/1129889"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1138977",
        "url": "https://bugzilla.suse.com/1138977"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1140697",
        "url": "https://bugzilla.suse.com/1140697"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142518",
        "url": "https://bugzilla.suse.com/1142518"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142662",
        "url": "https://bugzilla.suse.com/1142662"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1144211",
        "url": "https://bugzilla.suse.com/1144211"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3685 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3685/"
      }
    ],
    "title": "Security update for osc",
    "tracking": {
      "current_release_date": "2019-08-12T14:08:22Z",
      "generator": {
        "date": "2019-08-12T14:08:22Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1844-1",
      "initial_release_date": "2019-08-12T14:08:22Z",
      "revision_history": [
        {
          "date": "2019-08-12T14:08:22Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "osc-0.165.4-lp151.2.6.1.noarch",
                "product": {
                  "name": "osc-0.165.4-lp151.2.6.1.noarch",
                  "product_id": "osc-0.165.4-lp151.2.6.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "osc-0.165.4-lp151.2.6.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:osc-0.165.4-lp151.2.6.1.noarch"
        },
        "product_reference": "osc-0.165.4-lp151.2.6.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-3685",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3685"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:osc-0.165.4-lp151.2.6.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3685",
          "url": "https://www.suse.com/security/cve/CVE-2019-3685"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142518 for CVE-2019-3685",
          "url": "https://bugzilla.suse.com/1142518"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142662 for CVE-2019-3685",
          "url": "https://bugzilla.suse.com/1142662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:osc-0.165.4-lp151.2.6.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.1:osc-0.165.4-lp151.2.6.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-08-12T14:08:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-3685"
    }
  ]
}

OPENSUSE-SU-2024:11133-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

osc-0.174.0-1.2 on GA media

Severity

Moderate

Notes

Title of the patch: osc-0.174.0-1.2 on GA media

Description of the patch: These are all security issues fixed in the osc-0.174.0-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-11133

CVE-2019-3681

4.2 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:osc-0.174.0-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:osc-0.174.0-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:osc-0.174.0-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:osc-0.174.0-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-3685

7.4 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:osc-0.174.0-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:osc-0.174.0-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:osc-0.174.0-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:osc-0.174.0-1.2.x86_64	—	Vendor Fix

Threats

Impact important

References

9 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2019-3681/	self
https://www.suse.com/security/cve/CVE-2019-3685/	self
https://www.suse.com/security/cve/CVE-2019-3681	external
https://bugzilla.suse.com/1122675	external
https://www.suse.com/security/cve/CVE-2019-3685	external
https://bugzilla.suse.com/1142518	external
https://bugzilla.suse.com/1142662	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "osc-0.174.0-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the osc-0.174.0-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11133",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11133-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3681 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3681/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3685 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3685/"
      }
    ],
    "title": "osc-0.174.0-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11133-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "osc-0.174.0-1.2.aarch64",
                "product": {
                  "name": "osc-0.174.0-1.2.aarch64",
                  "product_id": "osc-0.174.0-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "osc-0.174.0-1.2.ppc64le",
                "product": {
                  "name": "osc-0.174.0-1.2.ppc64le",
                  "product_id": "osc-0.174.0-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "osc-0.174.0-1.2.s390x",
                "product": {
                  "name": "osc-0.174.0-1.2.s390x",
                  "product_id": "osc-0.174.0-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "osc-0.174.0-1.2.x86_64",
                "product": {
                  "name": "osc-0.174.0-1.2.x86_64",
                  "product_id": "osc-0.174.0-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "osc-0.174.0-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:osc-0.174.0-1.2.aarch64"
        },
        "product_reference": "osc-0.174.0-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "osc-0.174.0-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:osc-0.174.0-1.2.ppc64le"
        },
        "product_reference": "osc-0.174.0-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "osc-0.174.0-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:osc-0.174.0-1.2.s390x"
        },
        "product_reference": "osc-0.174.0-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "osc-0.174.0-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:osc-0.174.0-1.2.x86_64"
        },
        "product_reference": "osc-0.174.0-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-3681",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3681"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:osc-0.174.0-1.2.aarch64",
          "openSUSE Tumbleweed:osc-0.174.0-1.2.ppc64le",
          "openSUSE Tumbleweed:osc-0.174.0-1.2.s390x",
          "openSUSE Tumbleweed:osc-0.174.0-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3681",
          "url": "https://www.suse.com/security/cve/CVE-2019-3681"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122675 for CVE-2019-3681",
          "url": "https://bugzilla.suse.com/1122675"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:osc-0.174.0-1.2.aarch64",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.ppc64le",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.s390x",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:osc-0.174.0-1.2.aarch64",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.ppc64le",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.s390x",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-3681"
    },
    {
      "cve": "CVE-2019-3685",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3685"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:osc-0.174.0-1.2.aarch64",
          "openSUSE Tumbleweed:osc-0.174.0-1.2.ppc64le",
          "openSUSE Tumbleweed:osc-0.174.0-1.2.s390x",
          "openSUSE Tumbleweed:osc-0.174.0-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3685",
          "url": "https://www.suse.com/security/cve/CVE-2019-3685"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142518 for CVE-2019-3685",
          "url": "https://bugzilla.suse.com/1142518"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142662 for CVE-2019-3685",
          "url": "https://bugzilla.suse.com/1142662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:osc-0.174.0-1.2.aarch64",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.ppc64le",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.s390x",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:osc-0.174.0-1.2.aarch64",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.ppc64le",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.s390x",
            "openSUSE Tumbleweed:osc-0.174.0-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-3685"
    }
  ]
}

SUSE-SU-2019:2067-1

Vulnerability from csaf_suse - Published: 2019-08-06 15:22 - Updated: 2019-08-06 15:22

Summary

Security update for osc

Severity

Important

Notes

Title of the patch: Security update for osc

Patchnames: SUSE-2019-2067,SUSE-SLE-Module-Development-Tools-15-SP1-2019-2067

CVE-2019-3685

7.4 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP1:osc-0.165.4-3.9.1.noarch		—	Vendor Fix

Threats

Impact important

References

14 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1129889	self
https://bugzilla.suse.com/1138977	self
https://bugzilla.suse.com/1140697	self
https://bugzilla.suse.com/1142518	self
https://bugzilla.suse.com/1142662	self
https://bugzilla.suse.com/1144211	self
https://www.suse.com/security/cve/CVE-2019-3685/	self
https://www.suse.com/security/cve/CVE-2019-3685	external
https://bugzilla.suse.com/1142518	external
https://bugzilla.suse.com/1142662	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for osc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for osc to version 0.165.4 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-3685: Fixed broken TLS certificate handling allowing for a Man-in-the-middle attack (bsc#1142518).\n\nNon-security issues fixed:\n\n- support different token operations (runservice, release and rebuild) (requires OBS 2.10)\n- fix osc token decode error\n- offline build mode is now really offline and does not try to download the buildconfig\n- osc build -define now works with python3\n- fixes an issue where the error message on osc meta -e was not parsed correctly\n- osc maintainer -s now works with python3\n- simplified and fixed osc meta -e (bsc#1138977) \n- osc lbl now works with non utf8 encoding (bsc#1129889)\n- add simpleimage as local build type \n- allow optional fork when creating a maintenance request\n- fix RPMError fallback\n- fix local caching for all package formats\n- fix appname for trusted cert store\n- osc -h does not break anymore when using plugins \n- switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing.\n  This will fix all decoding issues with osc diff, osc ci and osc rq -d\n- fix osc ls -lb handling empty size and mtime\n- removed decoding on osc api command.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-2067,SUSE-SLE-Module-Development-Tools-15-SP1-2019-2067",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2067-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:2067-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192067-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:2067-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-August/005785.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1129889",
        "url": "https://bugzilla.suse.com/1129889"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1138977",
        "url": "https://bugzilla.suse.com/1138977"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1140697",
        "url": "https://bugzilla.suse.com/1140697"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142518",
        "url": "https://bugzilla.suse.com/1142518"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142662",
        "url": "https://bugzilla.suse.com/1142662"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1144211",
        "url": "https://bugzilla.suse.com/1144211"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3685 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3685/"
      }
    ],
    "title": "Security update for osc",
    "tracking": {
      "current_release_date": "2019-08-06T15:22:09Z",
      "generator": {
        "date": "2019-08-06T15:22:09Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:2067-1",
      "initial_release_date": "2019-08-06T15:22:09Z",
      "revision_history": [
        {
          "date": "2019-08-06T15:22:09Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "osc-0.165.4-3.9.1.noarch",
                "product": {
                  "name": "osc-0.165.4-3.9.1.noarch",
                  "product_id": "osc-0.165.4-3.9.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "osc-0.165.4-3.9.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP1:osc-0.165.4-3.9.1.noarch"
        },
        "product_reference": "osc-0.165.4-3.9.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-3685",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3685"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Development Tools 15 SP1:osc-0.165.4-3.9.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3685",
          "url": "https://www.suse.com/security/cve/CVE-2019-3685"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142518 for CVE-2019-3685",
          "url": "https://bugzilla.suse.com/1142518"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142662 for CVE-2019-3685",
          "url": "https://bugzilla.suse.com/1142662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP1:osc-0.165.4-3.9.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP1:osc-0.165.4-3.9.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-08-06T15:22:09Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-3685"
    }
  ]
}

SUSE-SU-2022:4351-1

Vulnerability from csaf_suse - Published: 2022-12-07 16:38 - Updated: 2022-12-07 16:38

Summary

Security update for osc

Severity

Important

Notes

Title of the patch: Security update for osc

Description of the patch: This update for osc fixes the following issues: osc was updated to version 0.182.0 (bsc#1154972, bsc#1144211, bsc#1142662, bsc#1140697, bsc#1138165): - Added MFA support (jsc#OBS-203). - CVE-2019-3681: Fixed vulnerability where osc stored downloaded RPMs in network controlled paths (bsc#1122675). - CVE-2019-3685: Fixed broken TLS certificate handling (bsc#1142518). Bugfixes: - Removed use of chardet to guess encoding. Utf-8 or latin-1 is now assumed, which will speed up decoding (bsc#1173926). - Added helper method _html_escape to enable python3.8 and python2.* compatibility (bsc#1166537). - Added MR creation to honor orev (bsc#1160446). - Fixed local build outside of the working copy of a package (bsc#1136584). - Don't enforce password reuse (bsc#1156501). - osc vc --file=foo bar.changes now writes the content from foo into bar.changes instead of creating a new file (bsc#1155953). - Fixed decoding on osc lbl (bsc#1137477). - Simplified and fixed osc meta -e (bsc#1138977). - osc lbl now works with non utf8 encoding (bsc#1129889). - Added full python3 compatibility (bsc#1125243, bsc#1131512, bsc#1129757). - Fixed slowdown of rbl with readline(bufsize) function (bsc#1127932). - Fixed osc build -p dir TypeError (bsc#1126055). - Fixed osc buildinfo -p TypeError (bsc#1126058). - Added new options --unexpand and --meta to diff command (bsc#1089025). - Fixed Requires to python-base which does not contain ssl.py (bsc#1097996).

Patchnames: SUSE-2022-4351,SUSE-SLE-SDK-12-SP5-2022-4351

CVE-2019-3681

4.2 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.182.0-15.12.1.noarch		—	Vendor Fix

Threats

Impact moderate

CVE-2019-3685

7.4 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.182.0-15.12.1.noarch		—	Vendor Fix

Threats

Impact important

References

35 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1089025	self
https://bugzilla.suse.com/1097996	self
https://bugzilla.suse.com/1122675	self
https://bugzilla.suse.com/1125243	self
https://bugzilla.suse.com/1126055	self
https://bugzilla.suse.com/1126058	self
https://bugzilla.suse.com/1127932	self
https://bugzilla.suse.com/1129757	self
https://bugzilla.suse.com/1129889	self
https://bugzilla.suse.com/1131512	self
https://bugzilla.suse.com/1136584	self
https://bugzilla.suse.com/1137477	self
https://bugzilla.suse.com/1138165	self
https://bugzilla.suse.com/1138977	self
https://bugzilla.suse.com/1140697	self
https://bugzilla.suse.com/1142518	self
https://bugzilla.suse.com/1142662	self
https://bugzilla.suse.com/1144211	self
https://bugzilla.suse.com/1154972	self
https://bugzilla.suse.com/1155953	self
https://bugzilla.suse.com/1156501	self
https://bugzilla.suse.com/1160446	self
https://bugzilla.suse.com/1166537	self
https://bugzilla.suse.com/1173926	self
https://www.suse.com/security/cve/CVE-2019-3681/	self
https://www.suse.com/security/cve/CVE-2019-3685/	self
https://www.suse.com/security/cve/CVE-2019-3681	external
https://bugzilla.suse.com/1122675	external
https://www.suse.com/security/cve/CVE-2019-3685	external
https://bugzilla.suse.com/1142518	external
https://bugzilla.suse.com/1142662	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for osc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for osc fixes the following issues:\n\n  osc was updated to version 0.182.0 (bsc#1154972, bsc#1144211, bsc#1142662, bsc#1140697, bsc#1138165):\n\n  - Added MFA support (jsc#OBS-203).\n  - CVE-2019-3681: Fixed vulnerability where osc stored downloaded RPMs in network controlled paths (bsc#1122675).\n  - CVE-2019-3685: Fixed broken TLS certificate handling (bsc#1142518). \n\n  Bugfixes:\n  - Removed use of chardet to guess encoding. Utf-8 or latin-1 is now assumed, which will speed up decoding (bsc#1173926).\n  - Added helper method _html_escape to enable python3.8 and python2.* compatibility (bsc#1166537).\n  - Added MR creation to honor orev (bsc#1160446).\n  - Fixed local build outside of the working copy of a package (bsc#1136584).\n  - Don\u0027t enforce password reuse (bsc#1156501).\n  - osc vc --file=foo bar.changes now writes the content from foo into bar.changes instead of creating a new file (bsc#1155953).\n  - Fixed decoding on osc lbl (bsc#1137477).\n  - Simplified and fixed osc meta -e (bsc#1138977).\n  - osc lbl now works with non utf8 encoding (bsc#1129889).\n  - Added full python3 compatibility (bsc#1125243, bsc#1131512, bsc#1129757).\n  - Fixed slowdown of rbl with readline(bufsize) function (bsc#1127932).\n  - Fixed osc build -p dir TypeError (bsc#1126055).\n  - Fixed osc buildinfo -p TypeError (bsc#1126058).\n  - Added new options --unexpand and --meta to diff command (bsc#1089025).\n  - Fixed Requires to python-base which does not contain ssl.py (bsc#1097996).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-4351,SUSE-SLE-SDK-12-SP5-2022-4351",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4351-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:4351-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224351-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:4351-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013202.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1089025",
        "url": "https://bugzilla.suse.com/1089025"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097996",
        "url": "https://bugzilla.suse.com/1097996"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1122675",
        "url": "https://bugzilla.suse.com/1122675"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1125243",
        "url": "https://bugzilla.suse.com/1125243"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126055",
        "url": "https://bugzilla.suse.com/1126055"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1126058",
        "url": "https://bugzilla.suse.com/1126058"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1127932",
        "url": "https://bugzilla.suse.com/1127932"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1129757",
        "url": "https://bugzilla.suse.com/1129757"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1129889",
        "url": "https://bugzilla.suse.com/1129889"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1131512",
        "url": "https://bugzilla.suse.com/1131512"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1136584",
        "url": "https://bugzilla.suse.com/1136584"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1137477",
        "url": "https://bugzilla.suse.com/1137477"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1138165",
        "url": "https://bugzilla.suse.com/1138165"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1138977",
        "url": "https://bugzilla.suse.com/1138977"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1140697",
        "url": "https://bugzilla.suse.com/1140697"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142518",
        "url": "https://bugzilla.suse.com/1142518"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142662",
        "url": "https://bugzilla.suse.com/1142662"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1144211",
        "url": "https://bugzilla.suse.com/1144211"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1154972",
        "url": "https://bugzilla.suse.com/1154972"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1155953",
        "url": "https://bugzilla.suse.com/1155953"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1156501",
        "url": "https://bugzilla.suse.com/1156501"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1160446",
        "url": "https://bugzilla.suse.com/1160446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1166537",
        "url": "https://bugzilla.suse.com/1166537"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173926",
        "url": "https://bugzilla.suse.com/1173926"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3681 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3681/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3685 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3685/"
      }
    ],
    "title": "Security update for osc",
    "tracking": {
      "current_release_date": "2022-12-07T16:38:34Z",
      "generator": {
        "date": "2022-12-07T16:38:34Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:4351-1",
      "initial_release_date": "2022-12-07T16:38:34Z",
      "revision_history": [
        {
          "date": "2022-12-07T16:38:34Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "osc-0.182.0-15.12.1.noarch",
                "product": {
                  "name": "osc-0.182.0-15.12.1.noarch",
                  "product_id": "osc-0.182.0-15.12.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "osc-0.182.0-15.12.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.182.0-15.12.1.noarch"
        },
        "product_reference": "osc-0.182.0-15.12.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-3681",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3681"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.182.0-15.12.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3681",
          "url": "https://www.suse.com/security/cve/CVE-2019-3681"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122675 for CVE-2019-3681",
          "url": "https://bugzilla.suse.com/1122675"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.182.0-15.12.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.182.0-15.12.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-12-07T16:38:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-3681"
    },
    {
      "cve": "CVE-2019-3685",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3685"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Open Build Service before version 0.165.4 diddn\u0027t validate TLS certificates for HTTPS connections with the osc client binary",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.182.0-15.12.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3685",
          "url": "https://www.suse.com/security/cve/CVE-2019-3685"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142518 for CVE-2019-3685",
          "url": "https://bugzilla.suse.com/1142518"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142662 for CVE-2019-3685",
          "url": "https://bugzilla.suse.com/1142662"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.182.0-15.12.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:osc-0.182.0-15.12.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-12-07T16:38:34Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-3685"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-3685 (GCVE-0-2019-3685)

Tags

Sightings

Nomenclature