Описание
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.3.4-1ubuntu0.1 |
| devel | released | 0.3.13-1.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 0.3.4-1ubuntu0.1 |
| esm-infra/focal | not-affected | 0.3.12-1ubuntu0.1 |
| esm-infra/xenial | released | 0.2.15-1ubuntu0.1~esm1 |
| focal | released | 0.3.12-1ubuntu0.1 |
| hirsute | released | 0.3.13-1ubuntu0.1 |
| impish | released | 0.3.13-1.1 |
| jammy | released | 0.3.13-1.1 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certifi ...
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3