{"id":"CVE-2015-4456","details":"ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.","modified":"2026-04-16T06:26:20.073821299Z","published":"2015-10-26T14:59:00Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3363"},{"type":"ADVISORY","url":"https://owncloud.org/security/advisory/?id=oc-sa-2015-009"},{"type":"REPORT","url":"https://github.com/owncloud/client/issues/3283"},{"type":"WEB","url":"http://www.securityfocus.com/bid/75354"}],"schema_version":"1.7.5"}