CVE-2020-24661
MEDIUM5.9EPSS 0.18%發布日:2020/8/26修改日:2026/4/28
也稱為:DEBIAN-CVE-2020-24661
描述
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.
受影響套件(1)
- Debian/gearyfrom 0, < 3.38.0.1-1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |