1 results (0.001 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. En GNOME evolution-rss versiones hasta 0.3.96, el archivo network-soup.c, no habilita la verificación del certificado TLS en los objetos SoupSessionSync que crea, dejando a los usuarios vulnerables a ataques MITM de la red. NOTA: Esto es similar a CVE-2016-20011. • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11 • CWE-295: Improper Certificate Validation •