CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
82.8%
The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack.
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | 10.04 | cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:* |
canonical | ubuntu_linux | 11.04 | cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 11.10 | cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 12.04 | cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* |