Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-13645

Опубликовано: 28 мая 2020
Источник: nvd
CVSS3: 6.5
CVSS2: 6.4
EPSS Низкий

Описание

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnome:balsa:*:*:*:*:*:*:*:*
Версия до 2.5.11 (исключая)
cpe:2.3:a:gnome:balsa:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:glib-networking:*:*:*:*:*:*:*:*
Версия до 2.62.4 (исключая)
cpe:2.3:a:gnome:glib-networking:*:*:*:*:*:*:*:*
Версия от 2.64.0 (включая) до 2.64.3 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%
0.0061
Низкий

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

ubuntu логотип

CVE-2020-13645

CVSS3: 6.5
ubuntu
больше 5 лет назад

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

redhat логотип

CVE-2020-13645

CVSS3: 6.5
redhat
почти 6 лет назад

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

msrc логотип

CVE-2020-13645

CVSS3: 6.5
msrc
больше 5 лет назад

In GNOME glib-networking through 2.64.2 the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior to fail the certificate verification. Applications that fail to provide the server identity including Balsa before 2.5.11 and 2.6.x before 2.6.1 accept a TLS certificate if the certificate is valid for any host.

debian логотип

CVE-2020-13645

CVSS3: 6.5
debian
больше 5 лет назад

In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...

suse-cvrf логотип

openSUSE-SU-2021:3944-1

suse-cvrf
около 4 лет назад

Security update for glib-networking

EPSS

Процентиль: 69%
0.0061
Низкий

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-295