{"id":"UBUNTU-CVE-2015-4456","details":"ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.","modified":"2025-07-16T07:17:32.386141Z","published":"2015-10-26T14:59:00Z","withdrawn":"2025-07-18T16:43:13Z","upstream":["CVE-2015-4456"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-4456"},{"type":"REPORT","url":"https://owncloud.org/security/advisory/?id=oc-sa-2015-009"},{"type":"REPORT","url":"https://owncloud.org/security/advisories/improper-validation-of-certificates-when-using-self-signed-certificates/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-4456"}],"affected":[{"package":{"name":"owncloud-client","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/owncloud-client@2.1.1+dfsg-1ubuntu1.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.1+dfsg-1ubuntu1.1"}]}],"versions":["1.8.1+dfsg-1ubuntu1","2.1.1+dfsg-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"libowncloudsync-dev"},{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"libowncloudsync0"},{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"libowncloudsync0-dbgsym"},{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"nautilus-owncloud"},{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"owncloud-client"},{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"owncloud-client-cmd"},{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"owncloud-client-cmd-dbgsym"},{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"owncloud-client-dbgsym"},{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"owncloud-client-doc"},{"binary_version":"2.1.1+dfsg-1ubuntu1.1","binary_name":"owncloud-client-l10n"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-4456.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}