Transport Layer Security Weakness in GNOME Libgda Web Provider
CVE-2021-39359

5.9MEDIUM

Key Information:

Vendor

Gnome
Status
Libgda
Vendor
CVE Published:
22 August 2021

What is CVE-2021-39359?

The GNOME Libgda's web provider component fails to enforce TLS certificate verification in its SoupSessionSync objects. This oversight can expose users to man-in-the-middle (MITM) attacks, allowing malicious actors to intercept or alter data during transmission. Users of affected versions should be aware of this significant risk and consider immediate updates or mitigations to enhance security against such threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-so...
https://gitlab.gnome.org/GNOME/libgda/-/issues/249
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.