Описание
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | compat-grilo02 | Will not fix | ||
| Red Hat Enterprise Linux 7 | grilo | Will not fix | ||
| Red Hat Enterprise Linux 9 | grilo | Not affected | ||
| Red Hat Enterprise Linux 8 | grilo | Fixed | RHSA-2021:4339 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certifi ...
7.5 High
CVSS3