Vigil@nce - Open Build Service osc: Man-in-the-Middle
October 2019 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer/Computer-vulnerability-database-and-alert
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a Man-in-the-Middle on Open Build Service
osc, in order to read or write data in the session.
– Impacted products: openSUSE Leap.
– Severity: 2/4.
– Consequences: data reading, data creation/edition.
– Provenance: internet server.
– Confidence: confirmed by the editor (5/5).
– Creation date: 13/08/2019.
DESCRIPTION OF THE VULNERABILITY
The Open Build Service osc product uses the TLS protocol, in order
to create secure sessions.
However, the X.509 certificate and the service identity are not
correctly checked.
An attacker can therefore act as a Man-in-the-Middle on Open Build
Service osc, in order to read or write data in the session.
ACCESS TO THE FULL VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Open-Build-Service-osc-Man-in-the-Middle-30025