CVE-2021-39365
Description
In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.389
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2021:3003-1(SUSE Linux Enterprise Server 12-SP5 ) grilo-debugsource-0.3.2-7.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3003-1(SUSE Linux Enterprise Server 12-SP5 ) libgrilo-0_3-0-0.3.2-7.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3003-1(SUSE Linux Enterprise Server 12-SP5 ) libgrilo-0_3-0-debuginfo-0.3.2-7.3.1.x86_64.rpm | Linux |
| (RHSA-2021:4339)Moderate: security update grilo-0.3.6-3.el8.i686.rpm | Linux |
| (RHSA-2021:4339)Moderate: security update grilo-0.3.6-3.el8.x86_64.rpm | Linux |
| (RHSA-2021:4339)Moderate: security update grilo-debuginfo-0.3.6-3.el8.i686.rpm | Linux |
| (RHSA-2021:4339)Moderate: security update grilo-debuginfo-0.3.6-3.el8.x86_64.rpm | Linux |
| (RHSA-2021:4339)Moderate: security update grilo-debugsource-0.3.6-3.el8.i686.rpm | Linux |
| (RHSA-2021:4339)Moderate: security update grilo-debugsource-0.3.6-3.el8.x86_64.rpm | Linux |
| Framework for discovering and browsing media - GObject introspect (USN-5055-1) libgrilo-0.3-0_0.3.4-1ubuntu0.1_i386.deb | Linux |
| Framework for discovering and browsing media - GObject introspect (USN-5055-1) libgrilo-0.3-0_0.3.4-1ubuntu0.1_amd64.deb | Linux |
| Framework for discovering and browsing media - GObject introspect (USN-5055-1) libgrilo-0.3-0_0.3.12-1ubuntu0.1_amd64.deb | Linux |
| Framework for discovering and browsing media - GObject introspect (USN-5055-1) libgrilo-0.3-0_0.3.13-1ubuntu0.1_amd64.deb | Linux |
| grilo security update (RLSA-2021:4339) grilo-0.3.6-3.el8.i686.rpm | Linux |
| grilo security update (RLSA-2021:4339) grilo-0.3.6-3.el8.x86_64.rpm | Linux |
| Grilo update (ELSA-2021-4339) grilo-0.3.6-3.el8.i686.rpm | Linux |
| Grilo update (ELSA-2021-4339) grilo-0.3.6-3.el8.x86_64.rpm | Linux |
| grilo Security Update (ALAS-2023-2306) grilo-0.3.6-1.amzn2.0.1.i686.rpm | Linux |
| grilo Security Update (ALAS-2023-2306) grilo-0.3.6-1.amzn2.0.1.x86_64.rpm | Linux |
| grilo Security Update (ALAS-2023-2306) grilo-devel-0.3.6-1.amzn2.0.1.x86_64.rpm | Linux |
| grilo security update(DSA-4964-1) gir1.2-grilo-0.3_0.3.7-1+deb10u1_i386.deb | Linux |
| grilo security update(DSA-4964-1) gir1.2-grilo-0.3_0.3.7-1+deb10u1_amd64.deb | Linux |
| grilo security update(DSA-4964-1) gir1.2-grilo-0.3_0.3.13-1+deb11u1_i386.deb | Linux |
| grilo security update(DSA-4964-1) gir1.2-grilo-0.3_0.3.13-1+deb11u1_amd64.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-doc_0.3.7-1+deb10u1_all.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-doc_0.3.13-1+deb11u1_all.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-dev_0.3.7-1+deb10u1_i386.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-dev_0.3.7-1+deb10u1_amd64.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-dev_0.3.13-1+deb11u1_i386.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-dev_0.3.13-1+deb11u1_amd64.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-bin_0.3.7-1+deb10u1_i386.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-bin_0.3.7-1+deb10u1_amd64.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-bin_0.3.13-1+deb11u1_i386.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-bin_0.3.13-1+deb11u1_amd64.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-0_0.3.7-1+deb10u1_i386.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-0_0.3.7-1+deb10u1_amd64.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-0_0.3.13-1+deb11u1_i386.deb | Linux |
| grilo security update(DSA-4964-1) libgrilo-0.3-0_0.3.13-1+deb11u1_amd64.deb | Linux |
| Moderate: grilo security update grilo-0.3.6-3.el8.i686.rpm | Linux |
| Moderate: grilo security update grilo-0.3.6-3.el8.x86_64.rpm | Linux |
| grilo Security Update (ALAS2-2023-2306) grilo-0.3.6-1.amzn2.0.1.i686.rpm | Linux |
| grilo Security Update (ALAS2-2023-2306) grilo-0.3.6-1.amzn2.0.1.x86_64.rpm | Linux |
| grilo Security Update (ALAS2-2023-2306) grilo-devel-0.3.6-1.amzn2.0.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234