CVE-2020-13645

  • Severity Score: 6.5 (CVSS v3.1)
  • Exploit Likelihood: - (EPSS)
  • Affected Versions: - (CPE)
  • Public Exploits: 2 (multiple sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.


*Credits: N/A
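The description above hinges on one branch: what the client does when it has no expected server identity to compare the certificate against. The following Python is an added illustration, not glib-networking's or Balsa's code; it models the hostname check that GTlsClientConnection performs against its server-identity property with a small RFC 6125 style subjectAltName matcher, and puts the pre-fix behaviour (identity unset means the check is skipped) next to the documented behaviour that the fixed releases enforce (identity unset means verification fails). The SAN lists are constructed inputs, and `verify_vulnerable`, `verify_fixed` and `outcome` are names chosen here, not library functions.

```python
"""Hostname-check decision behind CVE-2020-13645 (CWE-295), illustrated.

Added example, not glib-networking code. The matcher stands in for the
comparison a TLS client makes between the server certificate's
subjectAltName and the identity the application asked for.
"""
import ipaddress
from typing import Callable, List, Optional, Tuple

SanList = List[Tuple[str, str]]  # e.g. [("DNS", "*.example.org"), ("IP", "192.0.2.10")]


class HostnameMismatch(Exception):
    """Certificate is valid, but not for the host we meant to talk to."""


class MissingServerIdentity(Exception):
    """Application never told the TLS layer which host it expects."""


def _dns_match(pattern: str, hostname: str) -> bool:
    """dNSName comparison: case-insensitive, wildcard allowed only as the whole
    leftmost label, never spanning a dot, and never for a public suffix like *.org."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_identity(san: SanList, identity: str) -> bool:
    """True if any SAN entry covers the requested identity (DNS name or IP literal)."""
    try:
        ip = ipaddress.ip_address(identity)
    except ValueError:
        ip = None
    for kind, value in san:
        if kind == "DNS" and ip is None and _dns_match(value, identity):
            return True
        if kind == "IP" and ip is not None:
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue
    return False


def verify_vulnerable(san: SanList, identity: Optional[str]) -> bool:
    """glib-networking through 2.64.2 as the advisory describes it: with no
    identity configured the hostname step is skipped, so any CA-valid
    certificate is accepted regardless of which host it names."""
    if identity is None:
        return True  # the bug: silently skipped instead of failing
    if not cert_matches_identity(san, identity):
        raise HostnameMismatch(identity)
    return True


def verify_fixed(san: SanList, identity: Optional[str]) -> bool:
    """Documented behaviour, enforced from 2.62.4 / 2.64.3 onward: an unset
    identity is a verification failure, not a pass."""
    if identity is None:
        raise MissingServerIdentity("no server identity configured")
    if not cert_matches_identity(san, identity):
        raise HostnameMismatch(identity)
    return True


def outcome(verifier: Callable[[SanList, Optional[str]], bool],
            san: SanList, identity: Optional[str]) -> str:
    """Run one verifier and collapse the result into a short verdict string."""
    try:
        verifier(san, identity)
        return "accepted"
    except HostnameMismatch:
        return "rejected: hostname mismatch"
    except MissingServerIdentity:
        return "rejected: no server identity"


# Constructed certificate SANs: a CA-valid cert for some other host, as an
# on-path attacker could present, and a legitimate wildcard cert for the mail host.
OTHER_HOST_CERT: SanList = [("DNS", "attacker.example")]
MAIL_CERT: SanList = [("DNS", "*.example.org"), ("IP", "192.0.2.10")]

if __name__ == "__main__":
    for label, san, identity in [
        ("Balsa-style client, identity unset, cert for another host", OTHER_HOST_CERT, None),
        ("identity set, cert for another host", OTHER_HOST_CERT, "mail.example.org"),
        ("identity set, wildcard cert matches", MAIL_CERT, "mail.example.org"),
        ("identity set, wildcard must not span a dot", MAIL_CERT, "a.b.example.org"),
        ("identity is an IP literal", MAIL_CERT, "192.0.2.10"),
    ]:
        print(f"{label}:")
        print(f"  vulnerable -> {outcome(verify_vulnerable, san, identity)}")
        print(f"  fixed      -> {outcome(verify_fixed, san, identity)}")
```

The first case is the advisory in miniature: with the identity left unset, the old code accepts a certificate issued for `attacker.example` outright, while the fixed code refuses to proceed at all. In the real API the identity is the `server-identity` property of GTlsClientConnection, supplied through `g_tls_client_connection_new()` or `g_tls_client_connection_set_server_identity()`; an application that never sets it, as the affected Balsa releases did, lands on exactly this branch, so the check to run on your own code is whether every client connection passes a non-NULL identity, independent of which glib-networking version is installed.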
CVSS Scores
CVSS v3.1 (base score 6.5, vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None
CVSS v2 (base score 6.4 computed from these metrics, vector AV:N/AC:L/Au:N/C:P/I:P/A:N)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-05-28 CVE Reserved
  • 2020-05-28 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-09-21 EPSS Updated
  • (no date) Exploited in Wild
  • (no date) KEV Due Date
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor          Product                   Version              Other   Status
Gnome           Balsa                     < 2.5.11             -       Affected
Gnome           Balsa                     2.6.0                -       Affected
Gnome           Glib-networking           < 2.62.4             -       Affected
Gnome           Glib-networking           >= 2.64.0 < 2.64.3   -       Affected
Canonical       Ubuntu Linux              16.04                lts     Affected
Canonical       Ubuntu Linux              18.04                lts     Affected
Canonical       Ubuntu Linux              19.10                -       Affected
Canonical       Ubuntu Linux              20.04                lts     Affected
Fedoraproject   Fedora                    31                   -       Affected
Fedoraproject   Fedora                    32                   -       Affected
Netapp          Cloud Backup              -                    -       Affected
Broadcom        Fabric Operating System   -                    -       Affected