Debarshi Ray

**Name of the Vulnerable Software and Affected Versions** Gnome Online Accounts (GOA) versions 3.6.x through 3.6.2 Gnome Online Accounts (GOA) versions 3.7.x through 3.7.90 **Description** The issue is related to the improper validation of SSL certificates when creating accounts for providers who use the libsoup library. This allows man-in-the-middle attackers to obtain sensitive information, such as credentials, by sniffing the network. **Recommendations** For Gnome Online Accounts (GOA) versions 3.6.x through 3.6.2, update to version 3.6.3 or later. For Gnome Online Accounts (GOA) versions 3.7.x through 3.7.90, update to version 3.7.91 or later.