CVE-2017-14806: Insecure handling of repodata and packages in SUSE Studio onlite
First published: Mon Jan 27 2020(Updated: )
A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Studio Onsite | =1.3 | |
| Suse Susestudio-ui-server | <=1.3.17-56.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2017-14806.
What is the severity of CVE-2017-14806?
The severity of CVE-2017-14806 is medium with a score of 5.9.
How does CVE-2017-14806 affect SUSE Studio onsite?
CVE-2017-14806 allows remote attackers to MITM connections to the repositories in SUSE Studio onsite, enabling them to modify packages received over these connections.
Which versions of SUSE Studio onsite are affected by CVE-2017-14806?
SUSE Studio onsite version 1.3 is affected by CVE-2017-14806.
Is there a reference link for more information about CVE-2017-14806?
Yes, you can find more information about CVE-2017-14806 at the following link: [https://bugzilla.suse.com/show_bug.cgi?id=1065397](https://bugzilla.suse.com/show_bug.cgi?id=1065397)
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/title
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/suse
- canonical/suse studio onsite
- version/suse studio onsite/1.3
- canonical/suse susestudio-ui-server
- version/suse susestudio-ui-server/1.3.17-56.6.3