libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
References
Link | Resource |
---|---|
https://bugzilla.gnome.org/show_bug.cgi?id=772647 | Issue Tracking Vendor Advisory |
https://gitlab.gnome.org/GNOME/libgrss/-/issues/4 | Issue Tracking Vendor Advisory |
https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch | Mailing List Patch Vendor Advisory |
History
21 Nov 2024, 02:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.gnome.org/show_bug.cgi?id=772647 - Issue Tracking, Vendor Advisory | |
References | () https://gitlab.gnome.org/GNOME/libgrss/-/issues/4 - Issue Tracking, Vendor Advisory | |
References | () https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch - Mailing List, Patch, Vendor Advisory |
09 Jun 2021, 15:03
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch - Mailing List, Patch, Vendor Advisory |
08 Jun 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 Jun 2021, 17:03
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-295 | |
CPE | cpe:2.3:a:gnome:libgrss:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : 5.0 v3 : 7.5 |
References | (MISC) https://gitlab.gnome.org/GNOME/libgrss/-/issues/4 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://bugzilla.gnome.org/show_bug.cgi?id=772647 - Issue Tracking, Vendor Advisory |
25 May 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-25 21:15
Updated : 2024-11-21 02:47
NVD link : CVE-2016-20011
Mitre link : CVE-2016-20011
CVE.ORG link : CVE-2016-20011
Products Affected
gnome
- libgrss
CWE
CWE-295
Improper Certificate Validation