PT-2021-22566 · Gnome+2 · Gnome Libzapojit+2

Michael Catanzaro

Published

2021-08-22

Updated

2022-09-14

CVE-2021-39360

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: GNOME libzapojit versions prior to 0.0.4

Description: The issue arises from the failure to enable TLS certificate verification on the SoupSessionSync objects created in zpj-skydrive.c, making users susceptible to network man-in-the-middle (MITM) attacks.

Recommendations: For versions prior to 0.0.4, update to version 0.0.4 or later to enable TLS certificate verification and prevent MITM attacks.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2021-39360

MGASA-2021-0504

OESA-2021-1440

OPENSUSE-SU-2022_3267-1

OPENSUSE-SU-2024:11654-1

SUSE-SU-2022:3266-1

SUSE-SU-2022:3267-1

SUSE-SU-2022_3266-1

SUSE-SU-2022_3267-1

Affected Products

Debian

Gnome Libzapojit

Suse

PT-2021-22566 · Gnome+2 · Gnome Libzapojit+2

CVE-2021-39360

Weakness Enumeration

Related Identifiers

Affected Products

References · 28