python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 12.2 |
| python_bugzilla_project | python-bugzilla | * |
| python_bugzilla_project | python-bugzilla | 0.7.0 |
| fedoraproject | fedora | 18 |
| python_bugzilla_project | python-bugzilla | 0.6.2 |
| python_bugzilla_project | python-bugzilla | 0.6.1 |
| python_bugzilla_project | python-bugzilla | 0.6.0 |
| fedoraproject | fedora | 17 |
| opensuse | opensuse | 11.4 |
| opensuse | opensuse | 12.3 |