7.5

CVE-2016-20011

libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeLibgrss Version <= 0.7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.47% 0.703
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://bugzilla.gnome.org/show_bug.cgi?id=772647
Vendor Advisory
Issue Tracking
https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
Vendor Advisory
Issue Tracking
https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch
Patch
Vendor Advisory
Mailing List