CVE-2022-2996 – python-scciclient: missing server certificate verification
https://notcve.org/view.php?id=CVE-2022-2996
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. Se encontró un fallo en python-scciclient cuando es realizada una conexión HTTPS a un servidor en el que no es verificado el certificado del servidor. Este problema abre la conexión a posibles ataques de tipo Man-in-the-middle (MITM) • https://lists.debian.org/debian-lts-announce/2022/11/msg00006.html https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c https://access.redhat.com/security/cve/CVE-2022-2996 https://bugzilla.redhat.com/show_bug.cgi?id=2115122 • CWE-295: Improper Certificate Validation •