Back to search
CVE-2020-24661
Published: Aug 26, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://gitlab.gnome.org/GNOME/geary/-/issues/866
x_refsource_MISC
FEDORA-2020-d445fb484a
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-95f2c5cc25
vendor-advisory
x_refsource_FEDORA
20200902 Cisco Jabber for Windows Information Disclosure Vulnerability
vendor-advisory
x_refsource_CISCO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now