CVE-2021-39361 — MEDIUM (5.9)

Q: How severe is CVE-2021-39361?

CVE-2021-39361 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-39361?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Evolution-Rss.

Vulnerability Description

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnome	Evolution-Rss	<= 0.3.96

Related Weaknesses (CWE)

CWE-295

References

https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsVendor Advisory
https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11Issue TrackingVendor Advisory
https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsVendor Advisory
https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11Issue TrackingVendor Advisory

FAQ

What is CVE-2021-39361?

CVE-2021-39361 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: th...

How severe is CVE-2021-39361?

CVE-2021-39361 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-39361?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Evolution-Rss.