Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
383
VMScore

CVE-2021-39359

Published: 22/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

In GNOME libgda up to and including 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnome libgda

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Debian CVElist Bug Report Logs: libgda5: CVE-2021-39359
Debian Bug report logs - #993592 libgda5: CVE-2021-39359 Package: src:libgda5; Maintainer for src:libgda5 is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 3 Sep 2021 13:27:02 UTC Severity: important Tags: security, upstream ...
Arch Linux Issues:
In GNOME libgda through 600, gda-web-providerc does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks NOTE: this is similar to CVE-2016-20011 ...

References

CWE-295https://gitlab.gnome.org/GNOME/libgda/-/issues/249https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLMVVIJNY5NMOT3FH36RFBWOTPVW7GME/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRPPP47WRCAPAEJGRMEKYYJZBQCYXTLQ/https://github.com/GNOME/libgda/commit/bd7b9568bcd9f6d3e6680bb04323a670c842a62dhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993592
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267XML injectionCVE-2024-37673CVE-2024-6266CVE-2024-30078arbitrary CVE-2024-36886CVE-2024-5346template injection
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook