CVE-2021-39359

Published: 22/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

In GNOME libgda up to and including 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Vulnerable Product

gnome libgda

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Debian Bug report logs - #993592: libgda5: CVE-2021-39359
Package: src:libgda5; Maintainer for src:libgda5 is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 3 Sep 2021 13:27:02 UTC; Severity: important; Tags: security, upstream ...
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011 ...