CVE-2020-13645
 
Public Exploits: 2
Exploited in Wild: -
Descriptions
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
Timeline
- 2020-05-28 CVE Reserved
- 2020-05-28 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-295: Improper Certificate Validation
References (8)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20200608-0004 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://gitlab.gnome.org/GNOME/balsa/-/issues/34 | 2024-08-04 | |
https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnome | Balsa | < 2.5.11 | - | Affected |
Gnome | Balsa | 2.6.0 | - | Affected |
Gnome | Glib-networking | < 2.62.4 | - | Affected |
Gnome | Glib-networking | >= 2.64.0 < 2.64.3 | - | Affected |
Canonical | Ubuntu Linux | 16.04 | lts | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Canonical | Ubuntu Linux | 19.10 | - | Affected |
Canonical | Ubuntu Linux | 20.04 | lts | Affected |
Fedoraproject | Fedora | 31 | - | Affected |
Fedoraproject | Fedora | 32 | - | Affected |
Netapp | Cloud Backup | - | - | Affected |
Broadcom | Fabric Operating System | - | - | Affected |